, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x1f00, 0x0, 0x0, 0x0)

[  105.840267][ T2313]  </TASK>
21:57:20 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x2000, 0x0, 0x0, 0x0)

21:57:20 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6)

21:57:20 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x7000, 0x0, 0x0, 0x0)

21:57:20 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  105.968124][ T2332] FAULT_INJECTION: forcing a failure.
[  105.968124][ T2332] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  105.991901][ T2338] FAULT_INJECTION: forcing a failure.
[  105.991901][ T2338] name failslab, interval 1, probability 0, space 0, times 0
[  106.004578][ T2338] CPU: 1 PID: 2338 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
21:57:20 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x10fff, 0x0, 0x0, 0x0)

[  106.014661][ T2338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  106.024552][ T2338] Call Trace:
[  106.027672][ T2338]  <TASK>
[  106.030451][ T2338]  dump_stack_lvl+0x151/0x1b7
[  106.034963][ T2338]  ? io_uring_drop_tctx_refs+0x190/0x190
[  106.040437][ T2338]  ? __kasan_kmalloc+0x9/0x10
[  106.044945][ T2338]  ? alloc_fdtable+0xaf/0x2a0
[  106.049458][ T2338]  ? dup_fd+0x759/0xb00
[  106.053449][ T2338]  ? copy_files+0xe6/0x200
[  106.057709][ T2338]  ? kernel_clone+0x21e/0x9e0
[  106.062214][ T2338]  ? __x64_sys_clone+0x23f/0x290
[  106.066989][ T2338]  ? do_syscall_64+0x3d/0xb0
[  106.071414][ T2338]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  106.077321][ T2338]  dump_stack+0x15/0x17
[  106.081307][ T2338]  should_fail+0x3c6/0x510
[  106.085561][ T2338]  __should_failslab+0xa4/0xe0
[  106.090172][ T2338]  should_failslab+0x9/0x20
[  106.094499][ T2338]  slab_pre_alloc_hook+0x37/0xd0
[  106.099278][ T2338]  __kmalloc+0x6d/0x270
[  106.103269][ T2338]  ? kvmalloc_node+0x1f0/0x4d0
[  106.107868][ T2338]  kvmalloc_node+0x1f0/0x4d0
[  106.112294][ T2338]  ? vm_mmap+0xb0/0xb0
[  106.116196][ T2338]  ? __kasan_kmalloc+0x9/0x10
[  106.120712][ T2338]  ? kmem_cache_alloc_trace+0x115/0x210
[  106.126091][ T2338]  ? alloc_fdtable+0xaf/0x2a0
[  106.130605][ T2338]  alloc_fdtable+0xeb/0x2a0
[  106.134955][ T2338]  dup_fd+0x759/0xb00
[  106.138765][ T2338]  ? avc_has_perm+0x16f/0x260
[  106.143279][ T2338]  copy_files+0xe6/0x200
[  106.147358][ T2338]  ? perf_event_attrs+0x30/0x30
[  106.152045][ T2338]  ? dup_task_struct+0xc60/0xc60
[  106.156819][ T2338]  ? security_task_alloc+0xf9/0x130
[  106.161849][ T2338]  copy_process+0x1080/0x3290
[  106.166367][ T2338]  ? proc_fail_nth_write+0x20b/0x290
[  106.171486][ T2338]  ? fsnotify_perm+0x6a/0x5d0
[  106.176001][ T2338]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  106.180950][ T2338]  ? vfs_write+0x9ec/0x1110
[  106.185287][ T2338]  kernel_clone+0x21e/0x9e0
[  106.189624][ T2338]  ? file_end_write+0x1c0/0x1c0
[  106.194312][ T2338]  ? create_io_thread+0x1e0/0x1e0
[  106.199174][ T2338]  ? mutex_unlock+0xb2/0x260
[  106.203602][ T2338]  ? __mutex_lock_slowpath+0x10/0x10
[  106.208730][ T2338]  __x64_sys_clone+0x23f/0x290
[  106.213338][ T2338]  ? __do_sys_vfork+0x130/0x130
[  106.218006][ T2338]  ? ksys_write+0x260/0x2c0
[  106.222348][ T2338]  ? debug_smp_processor_id+0x17/0x20
[  106.227557][ T2338]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  106.233455][ T2338]  ? exit_to_user_mode_prepare+0x39/0xa0
[  106.238925][ T2338]  do_syscall_64+0x3d/0xb0
[  106.243176][ T2338]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  106.248904][ T2338] RIP: 0033:0x7faae203fda9
[  106.253159][ T2338] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  106.272598][ T2338] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  106.280843][ T2338] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  106.288656][ T2338] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  106.296466][ T2338] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  106.304281][ T2338] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  106.312089][ T2338] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  106.319905][ T2338]  </TASK>
[  106.322766][ T2332] CPU: 0 PID: 2332 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  106.332842][ T2332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  106.342735][ T2332] Call Trace:
[  106.345853][ T2332]  <TASK>
[  106.348635][ T2332]  dump_stack_lvl+0x151/0x1b7
[  106.353148][ T2332]  ? io_uring_drop_tctx_refs+0x190/0x190
[  106.358617][ T2332]  dump_stack+0x15/0x17
[  106.362603][ T2332]  should_fail+0x3c6/0x510
21:57:21 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r1, &(0x7f0000000080), 0x11ffffce1)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:21 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7)

[  106.366864][ T2332]  should_fail_alloc_page+0x5a/0x80
[  106.371891][ T2332]  prepare_alloc_pages+0x15c/0x700
[  106.376841][ T2332]  ? __alloc_pages+0x8f0/0x8f0
[  106.381440][ T2332]  ? __alloc_pages_bulk+0xe40/0xe40
[  106.386474][ T2332]  __alloc_pages+0x18c/0x8f0
[  106.390899][ T2332]  ? do_syscall_64+0x3d/0xb0
[  106.395335][ T2332]  ? prep_new_page+0x110/0x110
[  106.399938][ T2332]  ? __kasan_check_write+0x14/0x20
[  106.404879][ T2332]  __get_free_pages+0x10/0x30
[  106.408238][ T2344] FAULT_INJECTION: forcing a failure.
[  106.408238][ T2344] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  106.409381][ T2332]  kasan_populate_vmalloc_pte+0x39/0x130
[  106.427875][ T2332]  ? __apply_to_page_range+0x8ca/0xbe0
[  106.433168][ T2332]  __apply_to_page_range+0x8dd/0xbe0
[  106.438287][ T2332]  ? kasan_populate_vmalloc+0x70/0x70
[  106.443535][ T2332]  ? kasan_populate_vmalloc+0x70/0x70
[  106.448819][ T2332]  apply_to_page_range+0x3b/0x50
[  106.453588][ T2332]  kasan_populate_vmalloc+0x65/0x70
[  106.458628][ T2332]  alloc_vmap_area+0x192f/0x1a80
[  106.463399][ T2332]  ? vm_map_ram+0xa90/0xa90
[  106.467735][ T2332]  ? kmem_cache_alloc_trace+0x115/0x210
[  106.473118][ T2332]  ? __get_vm_area_node+0x117/0x360
[  106.478149][ T2332]  __get_vm_area_node+0x158/0x360
[  106.483015][ T2332]  __vmalloc_node_range+0xe2/0x8d0
[  106.487956][ T2332]  ? copy_process+0x5c4/0x3290
[  106.492560][ T2332]  ? slab_post_alloc_hook+0x72/0x2c0
[  106.497683][ T2332]  ? dup_task_struct+0x53/0xc60
[  106.502372][ T2332]  dup_task_struct+0x416/0xc60
[  106.506963][ T2332]  ? copy_process+0x5c4/0x3290
[  106.511565][ T2332]  ? __kasan_check_write+0x14/0x20
[  106.516512][ T2332]  copy_process+0x5c4/0x3290
[  106.520941][ T2332]  ? __kasan_check_write+0x14/0x20
[  106.525882][ T2332]  ? proc_fail_nth_write+0x20b/0x290
[  106.531008][ T2332]  ? selinux_file_permission+0x2c4/0x570
[  106.536477][ T2332]  ? fsnotify_perm+0x6a/0x5d0
[  106.540991][ T2332]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  106.545937][ T2332]  ? vfs_write+0x9ec/0x1110
[  106.550281][ T2332]  kernel_clone+0x21e/0x9e0
[  106.554616][ T2332]  ? file_end_write+0x1c0/0x1c0
[  106.559302][ T2332]  ? create_io_thread+0x1e0/0x1e0
[  106.564161][ T2332]  ? mutex_unlock+0xb2/0x260
[  106.568589][ T2332]  ? __mutex_lock_slowpath+0x10/0x10
[  106.573730][ T2332]  __x64_sys_clone+0x23f/0x290
[  106.578310][ T2332]  ? __do_sys_vfork+0x130/0x130
[  106.582994][ T2332]  ? ksys_write+0x260/0x2c0
[  106.587336][ T2332]  ? debug_smp_processor_id+0x17/0x20
[  106.592546][ T2332]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  106.598445][ T2332]  ? exit_to_user_mode_prepare+0x39/0xa0
[  106.603918][ T2332]  do_syscall_64+0x3d/0xb0
[  106.608171][ T2332]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  106.613892][ T2332] RIP: 0033:0x7f7a0de6fda9
[  106.618146][ T2332] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  106.637594][ T2332] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  106.645831][ T2332] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  106.653645][ T2332] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  106.661570][ T2332] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  106.669381][ T2332] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  106.677197][ T2332] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  106.685012][ T2332]  </TASK>
[  106.688354][ T2344] CPU: 0 PID: 2344 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  106.698414][ T2344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  106.708310][ T2344] Call Trace:
[  106.711431][ T2344]  <TASK>
[  106.714211][ T2344]  dump_stack_lvl+0x151/0x1b7
[  106.718725][ T2344]  ? io_uring_drop_tctx_refs+0x190/0x190
[  106.724192][ T2344]  ? __stack_depot_save+0x34/0x470
[  106.729153][ T2344]  ? __kasan_slab_alloc+0x63/0xe0
[  106.733998][ T2344]  dump_stack+0x15/0x17
[  106.737990][ T2344]  should_fail+0x3c6/0x510
[  106.742246][ T2344]  should_fail_alloc_page+0x5a/0x80
[  106.747278][ T2344]  prepare_alloc_pages+0x15c/0x700
[  106.752224][ T2344]  ? __alloc_pages_bulk+0xe40/0xe40
[  106.757258][ T2344]  __alloc_pages+0x18c/0x8f0
[  106.761685][ T2344]  ? prep_new_page+0x110/0x110
[  106.766286][ T2344]  ? __kasan_kmalloc+0x9/0x10
[  106.770796][ T2344]  ? __kmalloc+0x13a/0x270
[  106.775048][ T2344]  ? __vmalloc_node_range+0x2d6/0x8d0
[  106.780261][ T2344]  __vmalloc_node_range+0x482/0x8d0
[  106.785401][ T2344]  dup_task_struct+0x416/0xc60
[  106.789993][ T2344]  ? copy_process+0x5c4/0x3290
[  106.794593][ T2344]  ? __kasan_check_write+0x14/0x20
[  106.799545][ T2344]  copy_process+0x5c4/0x3290
[  106.803970][ T2344]  ? __kasan_check_write+0x14/0x20
[  106.808916][ T2344]  ? proc_fail_nth_write+0x20b/0x290
[  106.814034][ T2344]  ? selinux_file_permission+0x2c4/0x570
[  106.819503][ T2344]  ? fsnotify_perm+0x6a/0x5d0
[  106.824015][ T2344]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  106.828961][ T2344]  ? vfs_write+0x9ec/0x1110
[  106.833304][ T2344]  kernel_clone+0x21e/0x9e0
[  106.837644][ T2344]  ? file_end_write+0x1c0/0x1c0
[  106.842328][ T2344]  ? create_io_thread+0x1e0/0x1e0
[  106.847189][ T2344]  ? mutex_unlock+0xb2/0x260
[  106.851629][ T2344]  ? __mutex_lock_slowpath+0x10/0x10
[  106.856740][ T2344]  __x64_sys_clone+0x23f/0x290
[  106.861336][ T2344]  ? __do_sys_vfork+0x130/0x130
[  106.866024][ T2344]  ? ksys_write+0x260/0x2c0
[  106.870363][ T2344]  ? debug_smp_processor_id+0x17/0x20
[  106.875570][ T2344]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  106.881472][ T2344]  ? exit_to_user_mode_prepare+0x39/0xa0
[  106.886940][ T2344]  do_syscall_64+0x3d/0xb0
[  106.891195][ T2344]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  106.896922][ T2344] RIP: 0033:0x7faae203fda9
[  106.901175][ T2344] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
21:57:21 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:21 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x20010, 0x0, 0x0, 0x0)

[  106.920616][ T2344] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  106.928859][ T2344] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  106.936670][ T2344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  106.944481][ T2344] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  106.952297][ T2344] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  106.960105][ T2344] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  106.967919][ T2344]  </TASK>
21:57:21 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7)

21:57:21 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8)

[  107.055159][ T2356] FAULT_INJECTION: forcing a failure.
[  107.055159][ T2356] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  107.055175][ T2354] FAULT_INJECTION: forcing a failure.
[  107.055175][ T2354] name failslab, interval 1, probability 0, space 0, times 0
[  107.055199][ T2354] CPU: 0 PID: 2354 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  107.090676][ T2354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  107.100571][ T2354] Call Trace:
[  107.103693][ T2354]  <TASK>
[  107.106474][ T2354]  dump_stack_lvl+0x151/0x1b7
[  107.110982][ T2354]  ? io_uring_drop_tctx_refs+0x190/0x190
[  107.116455][ T2354]  dump_stack+0x15/0x17
[  107.120442][ T2354]  should_fail+0x3c6/0x510
[  107.124697][ T2354]  __should_failslab+0xa4/0xe0
[  107.129306][ T2354]  should_failslab+0x9/0x20
[  107.133637][ T2354]  slab_pre_alloc_hook+0x37/0xd0
[  107.138412][ T2354]  __kmalloc+0x6d/0x270
[  107.142400][ T2354]  ? kvmalloc_node+0x1f0/0x4d0
[  107.147003][ T2354]  kvmalloc_node+0x1f0/0x4d0
[  107.151430][ T2354]  ? vm_mmap+0xb0/0xb0
[  107.155337][ T2354]  ? __kasan_kmalloc+0x9/0x10
[  107.159846][ T2354]  ? kmem_cache_alloc_trace+0x115/0x210
[  107.165230][ T2354]  ? alloc_fdtable+0xaf/0x2a0
[  107.169744][ T2354]  alloc_fdtable+0x163/0x2a0
[  107.174168][ T2354]  dup_fd+0x759/0xb00
[  107.177987][ T2354]  ? avc_has_perm+0x16f/0x260
[  107.182503][ T2354]  copy_files+0xe6/0x200
[  107.186578][ T2354]  ? perf_event_attrs+0x30/0x30
[  107.191270][ T2354]  ? dup_task_struct+0xc60/0xc60
[  107.196042][ T2354]  ? security_task_alloc+0xf9/0x130
[  107.201075][ T2354]  copy_process+0x1080/0x3290
[  107.205606][ T2354]  ? proc_fail_nth_write+0x20b/0x290
[  107.210706][ T2354]  ? fsnotify_perm+0x6a/0x5d0
[  107.215224][ T2354]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  107.220170][ T2354]  ? vfs_write+0x9ec/0x1110
[  107.224508][ T2354]  kernel_clone+0x21e/0x9e0
[  107.228848][ T2354]  ? file_end_write+0x1c0/0x1c0
[  107.233536][ T2354]  ? create_io_thread+0x1e0/0x1e0
[  107.238391][ T2354]  ? mutex_unlock+0xb2/0x260
[  107.242830][ T2354]  ? __mutex_lock_slowpath+0x10/0x10
[  107.247954][ T2354]  __x64_sys_clone+0x23f/0x290
[  107.252541][ T2354]  ? __do_sys_vfork+0x130/0x130
[  107.257229][ T2354]  ? ksys_write+0x260/0x2c0
[  107.261568][ T2354]  ? debug_smp_processor_id+0x17/0x20
[  107.266797][ T2354]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  107.272687][ T2354]  ? exit_to_user_mode_prepare+0x39/0xa0
[  107.278146][ T2354]  do_syscall_64+0x3d/0xb0
[  107.282398][ T2354]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  107.288129][ T2354] RIP: 0033:0x7f7a0de6fda9
[  107.292392][ T2354] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  107.311822][ T2354] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  107.320068][ T2354] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  107.327879][ T2354] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  107.335687][ T2354] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  107.343499][ T2354] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  107.351312][ T2354] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  107.359142][ T2354]  </TASK>
[  107.361991][ T2356] CPU: 1 PID: 2356 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  107.372056][ T2356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  107.381951][ T2356] Call Trace:
[  107.385073][ T2356]  <TASK>
[  107.387851][ T2356]  dump_stack_lvl+0x151/0x1b7
[  107.392377][ T2356]  ? io_uring_drop_tctx_refs+0x190/0x190
[  107.397833][ T2356]  ? __stack_depot_save+0x34/0x470
[  107.402785][ T2356]  dump_stack+0x15/0x17
[  107.406791][ T2356]  should_fail+0x3c6/0x510
[  107.411030][ T2356]  should_fail_alloc_page+0x5a/0x80
[  107.416062][ T2356]  prepare_alloc_pages+0x15c/0x700
[  107.421007][ T2356]  ? __alloc_pages+0x8f0/0x8f0
[  107.425608][ T2356]  ? __alloc_pages_bulk+0xe40/0xe40
[  107.430642][ T2356]  __alloc_pages+0x18c/0x8f0
[  107.435070][ T2356]  ? prep_new_page+0x110/0x110
[  107.439672][ T2356]  ? __kasan_kmalloc+0x9/0x10
[  107.444180][ T2356]  ? __kmalloc+0x13a/0x270
[  107.448433][ T2356]  ? __vmalloc_node_range+0x2d6/0x8d0
21:57:22 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8)

21:57:22 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  107.453746][ T2356]  __vmalloc_node_range+0x482/0x8d0
[  107.458780][ T2356]  dup_task_struct+0x416/0xc60
[  107.463376][ T2356]  ? copy_process+0x5c4/0x3290
[  107.467977][ T2356]  ? __kasan_check_write+0x14/0x20
[  107.472926][ T2356]  copy_process+0x5c4/0x3290
[  107.477351][ T2356]  ? __kasan_check_write+0x14/0x20
[  107.482309][ T2356]  ? proc_fail_nth_write+0x20b/0x290
[  107.487419][ T2356]  ? selinux_file_permission+0x2c4/0x570
[  107.492895][ T2356]  ? fsnotify_perm+0x6a/0x5d0
[  107.497413][ T2356]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  107.502347][ T2356]  ? vfs_write+0x9ec/0x1110
[  107.506685][ T2356]  kernel_clone+0x21e/0x9e0
[  107.511028][ T2356]  ? file_end_write+0x1c0/0x1c0
[  107.515721][ T2356]  ? create_io_thread+0x1e0/0x1e0
[  107.520569][ T2356]  ? mutex_unlock+0xb2/0x260
[  107.525000][ T2356]  ? __mutex_lock_slowpath+0x10/0x10
[  107.530130][ T2356]  __x64_sys_clone+0x23f/0x290
[  107.534773][ T2356]  ? __do_sys_vfork+0x130/0x130
[  107.539424][ T2356]  ? ksys_write+0x260/0x2c0
[  107.543749][ T2356]  ? debug_smp_processor_id+0x17/0x20
[  107.548952][ T2356]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  107.554862][ T2356]  ? exit_to_user_mode_prepare+0x39/0xa0
[  107.560325][ T2356]  do_syscall_64+0x3d/0xb0
[  107.564575][ T2356]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  107.570302][ T2356] RIP: 0033:0x7faae203fda9
[  107.574556][ T2356] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  107.594005][ T2356] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
21:57:22 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x80000, 0x0, 0x0, 0x0)

21:57:22 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  107.602248][ T2356] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  107.610056][ T2356] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  107.617869][ T2356] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  107.625678][ T2356] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  107.633490][ T2356] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  107.641308][ T2356]  </TASK>
[  107.651451][ T2361] FAULT_INJECTION: forcing a failure.
21:57:22 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9)

[  107.651451][ T2361] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  107.665869][ T2361] CPU: 1 PID: 2361 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  107.675947][ T2361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  107.685931][ T2361] Call Trace:
[  107.689053][ T2361]  <TASK>
[  107.691840][ T2361]  dump_stack_lvl+0x151/0x1b7
[  107.696341][ T2361]  ? io_uring_drop_tctx_refs+0x190/0x190
[  107.701812][ T2361]  ? __stack_depot_save+0x34/0x470
[  107.706774][ T2361]  dump_stack+0x15/0x17
[  107.710748][ T2361]  should_fail+0x3c6/0x510
[  107.714999][ T2361]  should_fail_alloc_page+0x5a/0x80
[  107.720042][ T2361]  prepare_alloc_pages+0x15c/0x700
[  107.724993][ T2361]  ? __alloc_pages+0x8f0/0x8f0
[  107.729588][ T2361]  ? __alloc_pages_bulk+0xe40/0xe40
[  107.734622][ T2361]  __alloc_pages+0x18c/0x8f0
[  107.739044][ T2361]  ? prep_new_page+0x110/0x110
[  107.743649][ T2361]  ? __kasan_kmalloc+0x9/0x10
[  107.748158][ T2361]  ? __kmalloc+0x13a/0x270
[  107.752409][ T2361]  ? __vmalloc_node_range+0x2d6/0x8d0
[  107.757620][ T2361]  __vmalloc_node_range+0x482/0x8d0
[  107.762656][ T2361]  dup_task_struct+0x416/0xc60
[  107.767259][ T2361]  ? copy_process+0x5c4/0x3290
[  107.771851][ T2361]  ? __kasan_check_write+0x14/0x20
[  107.776800][ T2361]  copy_process+0x5c4/0x3290
[  107.781226][ T2361]  ? __kasan_check_write+0x14/0x20
[  107.786172][ T2361]  ? proc_fail_nth_write+0x20b/0x290
[  107.791295][ T2361]  ? selinux_file_permission+0x2c4/0x570
[  107.796773][ T2361]  ? fsnotify_perm+0x6a/0x5d0
[  107.801279][ T2361]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  107.806298][ T2361]  ? vfs_write+0x9ec/0x1110
[  107.810760][ T2361]  kernel_clone+0x21e/0x9e0
[  107.815094][ T2361]  ? file_end_write+0x1c0/0x1c0
[  107.819776][ T2361]  ? create_io_thread+0x1e0/0x1e0
[  107.824638][ T2361]  ? mutex_unlock+0xb2/0x260
[  107.829068][ T2361]  ? __mutex_lock_slowpath+0x10/0x10
[  107.834274][ T2361]  __x64_sys_clone+0x23f/0x290
[  107.838874][ T2361]  ? __do_sys_vfork+0x130/0x130
[  107.843557][ T2361]  ? ksys_write+0x260/0x2c0
[  107.847904][ T2361]  ? debug_smp_processor_id+0x17/0x20
[  107.851877][ T2368] FAULT_INJECTION: forcing a failure.
[  107.851877][ T2368] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  107.853101][ T2361]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  107.872031][ T2361]  ? exit_to_user_mode_prepare+0x39/0xa0
[  107.877501][ T2361]  do_syscall_64+0x3d/0xb0
[  107.881746][ T2361]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  107.887496][ T2361] RIP: 0033:0x7f7a0de6fda9
[  107.891732][ T2361] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  107.911169][ T2361] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  107.919413][ T2361] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  107.927230][ T2361] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  107.935035][ T2361] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  107.942848][ T2361] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  107.950657][ T2361] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  107.958486][ T2361]  </TASK>
[  107.961336][ T2368] CPU: 0 PID: 2368 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  107.971409][ T2368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  107.981306][ T2368] Call Trace:
[  107.984423][ T2368]  <TASK>
[  107.987203][ T2368]  dump_stack_lvl+0x151/0x1b7
[  107.991716][ T2368]  ? io_uring_drop_tctx_refs+0x190/0x190
[  107.997273][ T2368]  ? __stack_depot_save+0x34/0x470
[  108.002220][ T2368]  dump_stack+0x15/0x17
[  108.006205][ T2368]  should_fail+0x3c6/0x510
[  108.010461][ T2368]  should_fail_alloc_page+0x5a/0x80
[  108.015494][ T2368]  prepare_alloc_pages+0x15c/0x700
[  108.020440][ T2368]  ? __alloc_pages+0x8f0/0x8f0
[  108.025039][ T2368]  ? __alloc_pages_bulk+0xe40/0xe40
[  108.030081][ T2368]  __alloc_pages+0x18c/0x8f0
[  108.034504][ T2368]  ? prep_new_page+0x110/0x110
[  108.039105][ T2368]  ? __kasan_kmalloc+0x9/0x10
[  108.043612][ T2368]  ? __kmalloc+0x13a/0x270
[  108.047864][ T2368]  ? __vmalloc_node_range+0x2d6/0x8d0
[  108.053077][ T2368]  __vmalloc_node_range+0x482/0x8d0
[  108.058109][ T2368]  dup_task_struct+0x416/0xc60
[  108.062705][ T2368]  ? copy_process+0x5c4/0x3290
[  108.067306][ T2368]  ? __kasan_check_write+0x14/0x20
[  108.072256][ T2368]  copy_process+0x5c4/0x3290
[  108.076683][ T2368]  ? __kasan_check_write+0x14/0x20
[  108.081625][ T2368]  ? proc_fail_nth_write+0x20b/0x290
[  108.086745][ T2368]  ? selinux_file_permission+0x2c4/0x570
[  108.092216][ T2368]  ? fsnotify_perm+0x6a/0x5d0
[  108.096737][ T2368]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  108.101684][ T2368]  ? vfs_write+0x9ec/0x1110
[  108.106015][ T2368]  kernel_clone+0x21e/0x9e0
[  108.110354][ T2368]  ? file_end_write+0x1c0/0x1c0
[  108.115040][ T2368]  ? create_io_thread+0x1e0/0x1e0
[  108.119900][ T2368]  ? mutex_unlock+0xb2/0x260
[  108.124326][ T2368]  ? __mutex_lock_slowpath+0x10/0x10
[  108.129450][ T2368]  __x64_sys_clone+0x23f/0x290
[  108.134049][ T2368]  ? __do_sys_vfork+0x130/0x130
[  108.138745][ T2368]  ? ksys_write+0x260/0x2c0
[  108.143113][ T2368]  ? debug_smp_processor_id+0x17/0x20
[  108.148291][ T2368]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  108.154194][ T2368]  ? exit_to_user_mode_prepare+0x39/0xa0
[  108.159662][ T2368]  do_syscall_64+0x3d/0xb0
[  108.163909][ T2368]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  108.169634][ T2368] RIP: 0033:0x7faae203fda9
[  108.173888][ T2368] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  108.193328][ T2368] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  108.201578][ T2368] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
21:57:23 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9)

21:57:23 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10)

[  108.209385][ T2368] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  108.217198][ T2368] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  108.225006][ T2368] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  108.232817][ T2368] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  108.240631][ T2368]  </TASK>
[  108.261640][ T2371] FAULT_INJECTION: forcing a failure.
[  108.261640][ T2371] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  108.276532][ T2371] CPU: 0 PID: 2371 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  108.286615][ T2371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  108.296502][ T2371] Call Trace:
[  108.299626][ T2371]  <TASK>
[  108.302398][ T2371]  dump_stack_lvl+0x151/0x1b7
[  108.306914][ T2371]  ? io_uring_drop_tctx_refs+0x190/0x190
[  108.312382][ T2371]  ? __stack_depot_save+0x34/0x470
[  108.317328][ T2371]  dump_stack+0x15/0x17
[  108.321319][ T2371]  should_fail+0x3c6/0x510
[  108.325573][ T2371]  should_fail_alloc_page+0x5a/0x80
[  108.330606][ T2371]  prepare_alloc_pages+0x15c/0x700
[  108.335553][ T2371]  ? __alloc_pages+0x8f0/0x8f0
[  108.340155][ T2371]  ? __alloc_pages_bulk+0xe40/0xe40
[  108.345190][ T2371]  __alloc_pages+0x18c/0x8f0
[  108.349614][ T2371]  ? prep_new_page+0x110/0x110
[  108.354216][ T2371]  ? __kasan_kmalloc+0x9/0x10
[  108.358727][ T2371]  ? __kmalloc+0x13a/0x270
[  108.362978][ T2371]  ? __vmalloc_node_range+0x2d6/0x8d0
[  108.368190][ T2371]  __vmalloc_node_range+0x482/0x8d0
[  108.373222][ T2371]  dup_task_struct+0x416/0xc60
[  108.377823][ T2371]  ? copy_process+0x5c4/0x3290
[  108.382423][ T2371]  ? __kasan_check_write+0x14/0x20
[  108.387373][ T2371]  copy_process+0x5c4/0x3290
[  108.391797][ T2371]  ? __kasan_check_write+0x14/0x20
[  108.396752][ T2371]  ? proc_fail_nth_write+0x20b/0x290
[  108.401863][ T2371]  ? selinux_file_permission+0x2c4/0x570
[  108.407334][ T2371]  ? fsnotify_perm+0x6a/0x5d0
[  108.411845][ T2371]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  108.416795][ T2371]  ? vfs_write+0x9ec/0x1110
[  108.421137][ T2371]  kernel_clone+0x21e/0x9e0
[  108.425473][ T2371]  ? file_end_write+0x1c0/0x1c0
[  108.430159][ T2371]  ? create_io_thread+0x1e0/0x1e0
[  108.435018][ T2371]  ? mutex_unlock+0xb2/0x260
[  108.439447][ T2371]  ? __mutex_lock_slowpath+0x10/0x10
[  108.444590][ T2371]  __x64_sys_clone+0x23f/0x290
[  108.449168][ T2371]  ? __do_sys_vfork+0x130/0x130
[  108.453853][ T2371]  ? ksys_write+0x260/0x2c0
[  108.458194][ T2371]  ? debug_smp_processor_id+0x17/0x20
[  108.463400][ T2371]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  108.469300][ T2371]  ? exit_to_user_mode_prepare+0x39/0xa0
[  108.474771][ T2371]  do_syscall_64+0x3d/0xb0
[  108.479033][ T2371]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  108.484755][ T2371] RIP: 0033:0x7faae203fda9
[  108.489006][ T2371] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  108.508442][ T2371] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  108.516689][ T2371] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  108.524500][ T2371] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  108.532314][ T2371] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  108.540133][ T2371] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  108.547936][ T2371] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  108.555748][ T2371]  </TASK>
21:57:23 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x700000, 0x0, 0x0, 0x0)

21:57:23 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11)

[  108.565277][ T2374] FAULT_INJECTION: forcing a failure.
[  108.565277][ T2374] name failslab, interval 1, probability 0, space 0, times 0
[  108.578829][ T2374] CPU: 0 PID: 2374 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  108.588905][ T2374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  108.598805][ T2374] Call Trace:
[  108.601923][ T2374]  <TASK>
[  108.602917][ T2378] FAULT_INJECTION: forcing a failure.
[  108.602917][ T2378] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  108.604711][ T2374]  dump_stack_lvl+0x151/0x1b7
[  108.604739][ T2374]  ? io_uring_drop_tctx_refs+0x190/0x190
[  108.627703][ T2374]  dump_stack+0x15/0x17
[  108.631691][ T2374]  should_fail+0x3c6/0x510
[  108.635943][ T2374]  __should_failslab+0xa4/0xe0
[  108.640546][ T2374]  ? copy_sighand+0x54/0x250
[  108.644969][ T2374]  should_failslab+0x9/0x20
[  108.649313][ T2374]  slab_pre_alloc_hook+0x37/0xd0
[  108.654085][ T2374]  ? copy_sighand+0x54/0x250
[  108.658508][ T2374]  kmem_cache_alloc+0x44/0x200
[  108.663114][ T2374]  copy_sighand+0x54/0x250
[  108.667366][ T2374]  copy_process+0x10d6/0x3290
[  108.671880][ T2374]  ? proc_fail_nth_write+0x20b/0x290
[  108.676998][ T2374]  ? fsnotify_perm+0x6a/0x5d0
[  108.681511][ T2374]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  108.686458][ T2374]  ? vfs_write+0x9ec/0x1110
[  108.690813][ T2374]  kernel_clone+0x21e/0x9e0
[  108.695134][ T2374]  ? file_end_write+0x1c0/0x1c0
[  108.699822][ T2374]  ? create_io_thread+0x1e0/0x1e0
[  108.704680][ T2374]  ? mutex_unlock+0xb2/0x260
[  108.709112][ T2374]  ? __mutex_lock_slowpath+0x10/0x10
[  108.714233][ T2374]  __x64_sys_clone+0x23f/0x290
[  108.718835][ T2374]  ? __do_sys_vfork+0x130/0x130
[  108.723520][ T2374]  ? ksys_write+0x260/0x2c0
[  108.727858][ T2374]  ? debug_smp_processor_id+0x17/0x20
[  108.733066][ T2374]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  108.738968][ T2374]  ? exit_to_user_mode_prepare+0x39/0xa0
[  108.744437][ T2374]  do_syscall_64+0x3d/0xb0
[  108.748686][ T2374]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  108.754415][ T2374] RIP: 0033:0x7f7a0de6fda9
[  108.758674][ T2374] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  108.778108][ T2374] RSP: 002b:00007f7a0cbd0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  108.786354][ T2374] RAX: ffffffffffffffda RBX: 00007f7a0df9e050 RCX: 00007f7a0de6fda9
[  108.794165][ T2374] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  108.801978][ T2374] RBP: 00007f7a0cbd0120 R08: 0000000000000000 R09: 0000000000000000
[  108.809788][ T2374] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  108.817599][ T2374] R13: 000000000000006e R14: 00007f7a0df9e050 R15: 00007fffe93d3338
[  108.825419][ T2374]  </TASK>
[  108.828276][ T2378] CPU: 1 PID: 2378 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  108.838348][ T2378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  108.848239][ T2378] Call Trace:
[  108.851366][ T2378]  <TASK>
[  108.854143][ T2378]  dump_stack_lvl+0x151/0x1b7
[  108.858657][ T2378]  ? io_uring_drop_tctx_refs+0x190/0x190
[  108.864126][ T2378]  ? __stack_depot_save+0x34/0x470
[  108.869069][ T2378]  dump_stack+0x15/0x17
[  108.873063][ T2378]  should_fail+0x3c6/0x510
[  108.877317][ T2378]  should_fail_alloc_page+0x5a/0x80
[  108.882347][ T2378]  prepare_alloc_pages+0x15c/0x700
[  108.887298][ T2378]  ? __alloc_pages+0x8f0/0x8f0
[  108.891894][ T2378]  ? __alloc_pages_bulk+0xe40/0xe40
[  108.896931][ T2378]  __alloc_pages+0x18c/0x8f0
[  108.901353][ T2378]  ? prep_new_page+0x110/0x110
[  108.905955][ T2378]  ? __kasan_kmalloc+0x9/0x10
[  108.910467][ T2378]  ? __kmalloc+0x13a/0x270
[  108.914720][ T2378]  ? __vmalloc_node_range+0x2d6/0x8d0
[  108.919927][ T2378]  __vmalloc_node_range+0x482/0x8d0
[  108.924965][ T2378]  dup_task_struct+0x416/0xc60
[  108.929565][ T2378]  ? copy_process+0x5c4/0x3290
[  108.934175][ T2378]  ? __kasan_check_write+0x14/0x20
[  108.939116][ T2378]  copy_process+0x5c4/0x3290
[  108.943542][ T2378]  ? __kasan_check_write+0x14/0x20
[  108.948485][ T2378]  ? proc_fail_nth_write+0x20b/0x290
[  108.953605][ T2378]  ? selinux_file_permission+0x2c4/0x570
[  108.959077][ T2378]  ? fsnotify_perm+0x6a/0x5d0
[  108.963587][ T2378]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  108.968531][ T2378]  ? vfs_write+0x9ec/0x1110
[  108.972874][ T2378]  kernel_clone+0x21e/0x9e0
[  108.977211][ T2378]  ? file_end_write+0x1c0/0x1c0
[  108.981898][ T2378]  ? create_io_thread+0x1e0/0x1e0
[  108.986756][ T2378]  ? mutex_unlock+0xb2/0x260
[  108.991187][ T2378]  ? __mutex_lock_slowpath+0x10/0x10
[  108.996308][ T2378]  __x64_sys_clone+0x23f/0x290
[  109.000904][ T2378]  ? __do_sys_vfork+0x130/0x130
[  109.005591][ T2378]  ? ksys_write+0x260/0x2c0
[  109.009932][ T2378]  ? debug_smp_processor_id+0x17/0x20
[  109.015139][ T2378]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  109.021041][ T2378]  ? exit_to_user_mode_prepare+0x39/0xa0
[  109.026509][ T2378]  do_syscall_64+0x3d/0xb0
[  109.030762][ T2378]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  109.036489][ T2378] RIP: 0033:0x7faae203fda9
[  109.040746][ T2378] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
21:57:23 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0xf0ff1f, 0x0, 0x0, 0x0)

21:57:23 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10)

21:57:23 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:23 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12)

[  109.060186][ T2378] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  109.068430][ T2378] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  109.076243][ T2378] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  109.084057][ T2378] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  109.091865][ T2378] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  109.099800][ T2378] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  109.107610][ T2378]  </TASK>
21:57:24 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  109.186581][ T2383] FAULT_INJECTION: forcing a failure.
[  109.186581][ T2383] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  109.186930][ T2387] FAULT_INJECTION: forcing a failure.
[  109.186930][ T2387] name failslab, interval 1, probability 0, space 0, times 0
[  109.216139][ T2387] CPU: 0 PID: 2387 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  109.226222][ T2387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  109.236113][ T2387] Call Trace:
[  109.239240][ T2387]  <TASK>
[  109.242015][ T2387]  dump_stack_lvl+0x151/0x1b7
[  109.246530][ T2387]  ? io_uring_drop_tctx_refs+0x190/0x190
[  109.252002][ T2387]  dump_stack+0x15/0x17
[  109.255988][ T2387]  should_fail+0x3c6/0x510
[  109.260247][ T2387]  __should_failslab+0xa4/0xe0
[  109.264841][ T2387]  should_failslab+0x9/0x20
[  109.269180][ T2387]  slab_pre_alloc_hook+0x37/0xd0
[  109.273960][ T2387]  kmem_cache_alloc_trace+0x48/0x210
[  109.279078][ T2387]  ? mm_init+0x39a/0x970
[  109.283155][ T2387]  mm_init+0x39a/0x970
[  109.287064][ T2387]  copy_mm+0x1e3/0x13e0
[  109.291059][ T2387]  ? _raw_spin_lock+0xa4/0x1b0
[  109.295663][ T2387]  ? copy_signal+0x610/0x610
[  109.300087][ T2387]  ? __kasan_check_write+0x14/0x20
[  109.305027][ T2387]  ? __init_rwsem+0xd6/0x1c0
[  109.309453][ T2387]  ? copy_signal+0x4e3/0x610
[  109.313882][ T2387]  copy_process+0x1149/0x3290
[  109.318398][ T2387]  ? proc_fail_nth_write+0x20b/0x290
[  109.323514][ T2387]  ? fsnotify_perm+0x6a/0x5d0
[  109.328038][ T2387]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  109.332977][ T2387]  ? vfs_write+0x9ec/0x1110
[  109.337317][ T2387]  kernel_clone+0x21e/0x9e0
[  109.341651][ T2387]  ? file_end_write+0x1c0/0x1c0
[  109.346344][ T2387]  ? create_io_thread+0x1e0/0x1e0
[  109.351197][ T2387]  ? mutex_unlock+0xb2/0x260
[  109.355628][ T2387]  ? __mutex_lock_slowpath+0x10/0x10
[  109.360748][ T2387]  __x64_sys_clone+0x23f/0x290
[  109.365384][ T2387]  ? __do_sys_vfork+0x130/0x130
[  109.370033][ T2387]  ? ksys_write+0x260/0x2c0
[  109.374376][ T2387]  ? debug_smp_processor_id+0x17/0x20
[  109.379585][ T2387]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  109.385481][ T2387]  ? exit_to_user_mode_prepare+0x39/0xa0
[  109.390951][ T2387]  do_syscall_64+0x3d/0xb0
[  109.395205][ T2387]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  109.400932][ T2387] RIP: 0033:0x7faae203fda9
[  109.405196][ T2387] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  109.424641][ T2387] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
21:57:24 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x1000000, 0x0, 0x0, 0x0)

[  109.432873][ T2387] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  109.440686][ T2387] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  109.448497][ T2387] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  109.456305][ T2387] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  109.464119][ T2387] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  109.471933][ T2387]  </TASK>
[  109.481026][ T2383] CPU: 0 PID: 2383 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  109.491114][ T2383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  109.501004][ T2383] Call Trace:
[  109.504127][ T2383]  <TASK>
[  109.506904][ T2383]  dump_stack_lvl+0x151/0x1b7
[  109.511417][ T2383]  ? io_uring_drop_tctx_refs+0x190/0x190
[  109.516884][ T2383]  ? __stack_depot_save+0x34/0x470
[  109.521831][ T2383]  dump_stack+0x15/0x17
[  109.525826][ T2383]  should_fail+0x3c6/0x510
[  109.530078][ T2383]  should_fail_alloc_page+0x5a/0x80
[  109.535108][ T2383]  prepare_alloc_pages+0x15c/0x700
[  109.540061][ T2383]  ? __alloc_pages+0x8f0/0x8f0
[  109.544657][ T2383]  ? __alloc_pages_bulk+0xe40/0xe40
[  109.549691][ T2383]  __alloc_pages+0x18c/0x8f0
[  109.554122][ T2383]  ? prep_new_page+0x110/0x110
[  109.558718][ T2383]  ? __kasan_kmalloc+0x9/0x10
[  109.563229][ T2383]  ? __kmalloc+0x13a/0x270
[  109.567482][ T2383]  ? __vmalloc_node_range+0x2d6/0x8d0
[  109.572691][ T2383]  __vmalloc_node_range+0x482/0x8d0
[  109.577727][ T2383]  dup_task_struct+0x416/0xc60
[  109.582332][ T2383]  ? copy_process+0x5c4/0x3290
[  109.586927][ T2383]  ? __kasan_check_write+0x14/0x20
[  109.591876][ T2383]  copy_process+0x5c4/0x3290
[  109.596304][ T2383]  ? __kasan_check_write+0x14/0x20
[  109.601246][ T2383]  ? proc_fail_nth_write+0x20b/0x290
[  109.606373][ T2383]  ? selinux_file_permission+0x2c4/0x570
[  109.611831][ T2383]  ? fsnotify_perm+0x6a/0x5d0
[  109.616363][ T2383]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  109.621292][ T2383]  ? vfs_write+0x9ec/0x1110
[  109.625632][ T2383]  kernel_clone+0x21e/0x9e0
[  109.629971][ T2383]  ? file_end_write+0x1c0/0x1c0
[  109.634659][ T2383]  ? create_io_thread+0x1e0/0x1e0
[  109.639520][ T2383]  ? mutex_unlock+0xb2/0x260
[  109.643946][ T2383]  ? __mutex_lock_slowpath+0x10/0x10
[  109.649085][ T2383]  __x64_sys_clone+0x23f/0x290
[  109.653666][ T2383]  ? __do_sys_vfork+0x130/0x130
[  109.658349][ T2383]  ? ksys_write+0x260/0x2c0
[  109.662695][ T2383]  ? debug_smp_processor_id+0x17/0x20
[  109.667899][ T2383]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  109.673802][ T2383]  ? exit_to_user_mode_prepare+0x39/0xa0
[  109.679272][ T2383]  do_syscall_64+0x3d/0xb0
[  109.683523][ T2383]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  109.689250][ T2383] RIP: 0033:0x7f7a0de6fda9
[  109.693502][ T2383] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  109.712948][ T2383] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  109.721198][ T2383] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  109.729013][ T2383] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
21:57:24 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13)

21:57:24 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11)

[  109.736822][ T2383] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  109.744628][ T2383] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  109.752439][ T2383] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  109.760256][ T2383]  </TASK>
21:57:24 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x2000000, 0x0, 0x0, 0x0)

[  109.789156][ T2395] FAULT_INJECTION: forcing a failure.
[  109.789156][ T2395] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  109.805289][ T2397] FAULT_INJECTION: forcing a failure.
[  109.805289][ T2397] name failslab, interval 1, probability 0, space 0, times 0
[  109.819934][ T2395] CPU: 0 PID: 2395 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  109.830023][ T2395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  109.839907][ T2395] Call Trace:
[  109.843034][ T2395]  <TASK>
[  109.845807][ T2395]  dump_stack_lvl+0x151/0x1b7
[  109.850318][ T2395]  ? io_uring_drop_tctx_refs+0x190/0x190
[  109.855788][ T2395]  ? __stack_depot_save+0x34/0x470
[  109.860747][ T2395]  dump_stack+0x15/0x17
[  109.864725][ T2395]  should_fail+0x3c6/0x510
[  109.868988][ T2395]  should_fail_alloc_page+0x5a/0x80
[  109.874018][ T2395]  prepare_alloc_pages+0x15c/0x700
[  109.878964][ T2395]  ? __alloc_pages+0x8f0/0x8f0
[  109.883561][ T2395]  ? __alloc_pages_bulk+0xe40/0xe40
[  109.888593][ T2395]  __alloc_pages+0x18c/0x8f0
[  109.893023][ T2395]  ? prep_new_page+0x110/0x110
[  109.897628][ T2395]  ? __kasan_kmalloc+0x9/0x10
[  109.902143][ T2395]  ? __kmalloc+0x13a/0x270
[  109.906388][ T2395]  ? __vmalloc_node_range+0x2d6/0x8d0
[  109.911599][ T2395]  __vmalloc_node_range+0x482/0x8d0
[  109.916634][ T2395]  dup_task_struct+0x416/0xc60
[  109.921231][ T2395]  ? copy_process+0x5c4/0x3290
[  109.925830][ T2395]  ? __kasan_check_write+0x14/0x20
[  109.930776][ T2395]  copy_process+0x5c4/0x3290
[  109.935203][ T2395]  ? __kasan_check_write+0x14/0x20
[  109.940150][ T2395]  ? proc_fail_nth_write+0x20b/0x290
[  109.945268][ T2395]  ? selinux_file_permission+0x2c4/0x570
[  109.950741][ T2395]  ? fsnotify_perm+0x6a/0x5d0
[  109.955253][ T2395]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  109.960199][ T2395]  ? vfs_write+0x9ec/0x1110
[  109.964541][ T2395]  kernel_clone+0x21e/0x9e0
[  109.968877][ T2395]  ? file_end_write+0x1c0/0x1c0
[  109.973564][ T2395]  ? create_io_thread+0x1e0/0x1e0
[  109.978426][ T2395]  ? mutex_unlock+0xb2/0x260
[  109.982851][ T2395]  ? __mutex_lock_slowpath+0x10/0x10
[  109.987975][ T2395]  __x64_sys_clone+0x23f/0x290
[  109.992575][ T2395]  ? __do_sys_vfork+0x130/0x130
[  109.997258][ T2395]  ? ksys_write+0x260/0x2c0
[  110.001602][ T2395]  ? debug_smp_processor_id+0x17/0x20
[  110.006834][ T2395]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  110.012708][ T2395]  ? exit_to_user_mode_prepare+0x39/0xa0
[  110.018179][ T2395]  do_syscall_64+0x3d/0xb0
[  110.022429][ T2395]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  110.028156][ T2395] RIP: 0033:0x7faae203fda9
[  110.032409][ T2395] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  110.051862][ T2395] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  110.060097][ T2395] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  110.067911][ T2395] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  110.075716][ T2395] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  110.083532][ T2395] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  110.091342][ T2395] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  110.099159][ T2395]  </TASK>
[  110.102019][ T2397] CPU: 1 PID: 2397 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  110.112086][ T2397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  110.121982][ T2397] Call Trace:
[  110.125114][ T2397]  <TASK>
[  110.127882][ T2397]  dump_stack_lvl+0x151/0x1b7
[  110.132394][ T2397]  ? io_uring_drop_tctx_refs+0x190/0x190
[  110.137870][ T2397]  ? slab_post_alloc_hook+0x53/0x2c0
[  110.142992][ T2397]  ? kernel_clone+0x21e/0x9e0
[  110.147494][ T2397]  ? do_syscall_64+0x3d/0xb0
[  110.151924][ T2397]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  110.157827][ T2397]  dump_stack+0x15/0x17
[  110.161824][ T2397]  should_fail+0x3c6/0x510
[  110.166068][ T2397]  __should_failslab+0xa4/0xe0
[  110.170669][ T2397]  ? copy_mm+0x192/0x13e0
[  110.174852][ T2397]  should_failslab+0x9/0x20
[  110.179175][ T2397]  slab_pre_alloc_hook+0x37/0xd0
[  110.183949][ T2397]  ? copy_mm+0x192/0x13e0
[  110.188123][ T2397]  kmem_cache_alloc+0x44/0x200
[  110.192715][ T2397]  copy_mm+0x192/0x13e0
[  110.196724][ T2397]  ? _raw_spin_lock+0xa4/0x1b0
[  110.201307][ T2397]  ? copy_signal+0x610/0x610
[  110.205733][ T2397]  ? __kasan_check_write+0x14/0x20
[  110.210679][ T2397]  ? __init_rwsem+0xd6/0x1c0
[  110.215105][ T2397]  ? copy_signal+0x4e3/0x610
[  110.219544][ T2397]  copy_process+0x1149/0x3290
[  110.224048][ T2397]  ? proc_fail_nth_write+0x20b/0x290
[  110.229169][ T2397]  ? fsnotify_perm+0x6a/0x5d0
[  110.233684][ T2397]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  110.238630][ T2397]  ? vfs_write+0x9ec/0x1110
[  110.242973][ T2397]  kernel_clone+0x21e/0x9e0
[  110.247309][ T2397]  ? file_end_write+0x1c0/0x1c0
[  110.252002][ T2397]  ? create_io_thread+0x1e0/0x1e0
[  110.256853][ T2397]  ? mutex_unlock+0xb2/0x260
[  110.261293][ T2397]  ? __mutex_lock_slowpath+0x10/0x10
[  110.266405][ T2397]  __x64_sys_clone+0x23f/0x290
[  110.271003][ T2397]  ? __do_sys_vfork+0x130/0x130
[  110.275687][ T2397]  ? ksys_write+0x260/0x2c0
[  110.280030][ T2397]  ? debug_smp_processor_id+0x17/0x20
[  110.285234][ T2397]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  110.291136][ T2397]  ? exit_to_user_mode_prepare+0x39/0xa0
[  110.296604][ T2397]  do_syscall_64+0x3d/0xb0
[  110.300861][ T2397]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  110.306590][ T2397] RIP: 0033:0x7f7a0de6fda9
[  110.310840][ T2397] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  110.330301][ T2397] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
21:57:25 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:25 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14)

21:57:25 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12)

[  110.338526][ T2397] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  110.346336][ T2397] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  110.354146][ T2397] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  110.361962][ T2397] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  110.369769][ T2397] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  110.377587][ T2397]  </TASK>
21:57:25 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x7000000, 0x0, 0x0, 0x0)

[  110.419542][ T2404] FAULT_INJECTION: forcing a failure.
[  110.419542][ T2404] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  110.444594][ T2403] FAULT_INJECTION: forcing a failure.
[  110.444594][ T2403] name failslab, interval 1, probability 0, space 0, times 0
[  110.450631][ T2404] CPU: 0 PID: 2404 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  110.467107][ T2404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  110.477002][ T2404] Call Trace:
[  110.480118][ T2404]  <TASK>
[  110.482896][ T2404]  dump_stack_lvl+0x151/0x1b7
[  110.487411][ T2404]  ? io_uring_drop_tctx_refs+0x190/0x190
[  110.492882][ T2404]  ? __stack_depot_save+0x34/0x470
[  110.497832][ T2404]  dump_stack+0x15/0x17
[  110.501819][ T2404]  should_fail+0x3c6/0x510
[  110.506070][ T2404]  should_fail_alloc_page+0x5a/0x80
[  110.511106][ T2404]  prepare_alloc_pages+0x15c/0x700
[  110.516068][ T2404]  ? __alloc_pages+0x8f0/0x8f0
[  110.520654][ T2404]  ? __alloc_pages_bulk+0xe40/0xe40
[  110.525696][ T2404]  __alloc_pages+0x18c/0x8f0
[  110.530112][ T2404]  ? prep_new_page+0x110/0x110
[  110.534715][ T2404]  ? __kasan_kmalloc+0x9/0x10
[  110.539240][ T2404]  ? __kmalloc+0x13a/0x270
[  110.543491][ T2404]  ? __vmalloc_node_range+0x2d6/0x8d0
[  110.548688][ T2404]  __vmalloc_node_range+0x482/0x8d0
[  110.553723][ T2404]  dup_task_struct+0x416/0xc60
[  110.558320][ T2404]  ? copy_process+0x5c4/0x3290
[  110.562922][ T2404]  ? __kasan_check_write+0x14/0x20
[  110.567878][ T2404]  copy_process+0x5c4/0x3290
[  110.572298][ T2404]  ? __kasan_check_write+0x14/0x20
[  110.577241][ T2404]  ? proc_fail_nth_write+0x20b/0x290
[  110.582364][ T2404]  ? selinux_file_permission+0x2c4/0x570
[  110.587833][ T2404]  ? fsnotify_perm+0x6a/0x5d0
[  110.592345][ T2404]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  110.597289][ T2404]  ? vfs_write+0x9ec/0x1110
[  110.601631][ T2404]  kernel_clone+0x21e/0x9e0
[  110.605966][ T2404]  ? file_end_write+0x1c0/0x1c0
[  110.610657][ T2404]  ? create_io_thread+0x1e0/0x1e0
[  110.615514][ T2404]  ? mutex_unlock+0xb2/0x260
21:57:25 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  110.619945][ T2404]  ? __mutex_lock_slowpath+0x10/0x10
[  110.625064][ T2404]  __x64_sys_clone+0x23f/0x290
[  110.629662][ T2404]  ? __do_sys_vfork+0x130/0x130
[  110.634348][ T2404]  ? ksys_write+0x260/0x2c0
[  110.638690][ T2404]  ? debug_smp_processor_id+0x17/0x20
[  110.643894][ T2404]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  110.649797][ T2404]  ? exit_to_user_mode_prepare+0x39/0xa0
[  110.655269][ T2404]  do_syscall_64+0x3d/0xb0
[  110.659517][ T2404]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  110.665245][ T2404] RIP: 0033:0x7faae203fda9
[  110.669500][ T2404] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  110.688942][ T2404] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  110.697186][ T2404] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  110.704998][ T2404] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  110.712811][ T2404] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  110.720623][ T2404] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  110.728430][ T2404] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  110.736248][ T2404]  </TASK>
[  110.739108][ T2403] CPU: 1 PID: 2403 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  110.749183][ T2403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  110.759069][ T2403] Call Trace:
[  110.762193][ T2403]  <TASK>
[  110.764971][ T2403]  dump_stack_lvl+0x151/0x1b7
[  110.769484][ T2403]  ? io_uring_drop_tctx_refs+0x190/0x190
[  110.774955][ T2403]  dump_stack+0x15/0x17
[  110.778944][ T2403]  should_fail+0x3c6/0x510
[  110.783197][ T2403]  __should_failslab+0xa4/0xe0
[  110.787799][ T2403]  should_failslab+0x9/0x20
[  110.792139][ T2403]  slab_pre_alloc_hook+0x37/0xd0
[  110.796913][ T2403]  kmem_cache_alloc_trace+0x48/0x210
[  110.802038][ T2403]  ? mm_init+0x39a/0x970
[  110.806115][ T2403]  mm_init+0x39a/0x970
[  110.810021][ T2403]  copy_mm+0x1e3/0x13e0
[  110.814017][ T2403]  ? _raw_spin_lock+0xa4/0x1b0
[  110.818733][ T2403]  ? copy_signal+0x610/0x610
[  110.823160][ T2403]  ? __kasan_check_write+0x14/0x20
[  110.828101][ T2403]  ? __init_rwsem+0xd6/0x1c0
[  110.832529][ T2403]  ? copy_signal+0x4e3/0x610
[  110.836956][ T2403]  copy_process+0x1149/0x3290
[  110.841472][ T2403]  ? proc_fail_nth_write+0x20b/0x290
[  110.846590][ T2403]  ? fsnotify_perm+0x6a/0x5d0
[  110.851105][ T2403]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  110.856064][ T2403]  ? vfs_write+0x9ec/0x1110
[  110.860393][ T2403]  kernel_clone+0x21e/0x9e0
[  110.864726][ T2403]  ? file_end_write+0x1c0/0x1c0
[  110.869414][ T2403]  ? create_io_thread+0x1e0/0x1e0
[  110.874284][ T2403]  ? mutex_unlock+0xb2/0x260
[  110.878700][ T2403]  ? __mutex_lock_slowpath+0x10/0x10
[  110.883828][ T2403]  __x64_sys_clone+0x23f/0x290
[  110.888425][ T2403]  ? __do_sys_vfork+0x130/0x130
[  110.893107][ T2403]  ? ksys_write+0x260/0x2c0
[  110.897452][ T2403]  ? debug_smp_processor_id+0x17/0x20
[  110.902656][ T2403]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  110.908558][ T2403]  ? exit_to_user_mode_prepare+0x39/0xa0
[  110.914027][ T2403]  do_syscall_64+0x3d/0xb0
[  110.918281][ T2403]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  110.924006][ T2403] RIP: 0033:0x7f7a0de6fda9
[  110.928259][ T2403] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  110.947702][ T2403] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  110.955950][ T2403] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  110.963756][ T2403] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
21:57:25 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15)

21:57:25 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x8000000, 0x0, 0x0, 0x0)

[  110.971569][ T2403] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  110.979379][ T2403] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  110.987192][ T2403] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  110.995112][ T2403]  </TASK>
21:57:25 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:25 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x9000000, 0x0, 0x0, 0x0)

21:57:25 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13)

[  111.026602][ T2415] FAULT_INJECTION: forcing a failure.
[  111.026602][ T2415] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  111.053428][ T2415] CPU: 0 PID: 2415 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  111.063516][ T2415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  111.073408][ T2415] Call Trace:
[  111.076532][ T2415]  <TASK>
[  111.079310][ T2415]  dump_stack_lvl+0x151/0x1b7
[  111.083826][ T2415]  ? io_uring_drop_tctx_refs+0x190/0x190
[  111.089289][ T2415]  ? __stack_depot_save+0x34/0x470
[  111.094239][ T2415]  dump_stack+0x15/0x17
[  111.098237][ T2415]  should_fail+0x3c6/0x510
[  111.102491][ T2415]  should_fail_alloc_page+0x5a/0x80
[  111.107515][ T2415]  prepare_alloc_pages+0x15c/0x700
[  111.112463][ T2415]  ? __alloc_pages+0x8f0/0x8f0
[  111.117068][ T2415]  ? __alloc_pages_bulk+0xe40/0xe40
[  111.122105][ T2415]  __alloc_pages+0x18c/0x8f0
[  111.126524][ T2415]  ? prep_new_page+0x110/0x110
[  111.131130][ T2415]  ? __kasan_kmalloc+0x9/0x10
[  111.135639][ T2415]  ? __kmalloc+0x13a/0x270
[  111.139892][ T2415]  ? __vmalloc_node_range+0x2d6/0x8d0
[  111.145095][ T2415]  __vmalloc_node_range+0x482/0x8d0
[  111.150137][ T2415]  dup_task_struct+0x416/0xc60
[  111.154729][ T2415]  ? copy_process+0x5c4/0x3290
[  111.159330][ T2415]  ? __kasan_check_write+0x14/0x20
[  111.164279][ T2415]  copy_process+0x5c4/0x3290
[  111.168708][ T2415]  ? __kasan_check_write+0x14/0x20
[  111.173653][ T2415]  ? proc_fail_nth_write+0x20b/0x290
[  111.178771][ T2415]  ? selinux_file_permission+0x2c4/0x570
[  111.184243][ T2415]  ? fsnotify_perm+0x6a/0x5d0
[  111.188753][ T2415]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  111.193699][ T2415]  ? vfs_write+0x9ec/0x1110
[  111.198043][ T2415]  kernel_clone+0x21e/0x9e0
[  111.202381][ T2415]  ? file_end_write+0x1c0/0x1c0
[  111.207065][ T2415]  ? create_io_thread+0x1e0/0x1e0
[  111.211928][ T2415]  ? mutex_unlock+0xb2/0x260
[  111.216353][ T2415]  ? __mutex_lock_slowpath+0x10/0x10
[  111.221473][ T2415]  __x64_sys_clone+0x23f/0x290
[  111.226075][ T2415]  ? __do_sys_vfork+0x130/0x130
[  111.230758][ T2415]  ? ksys_write+0x260/0x2c0
[  111.235105][ T2415]  ? debug_smp_processor_id+0x17/0x20
[  111.240304][ T2415]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  111.246208][ T2415]  ? exit_to_user_mode_prepare+0x39/0xa0
[  111.251696][ T2415]  do_syscall_64+0x3d/0xb0
[  111.255928][ T2415]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  111.261654][ T2415] RIP: 0033:0x7faae203fda9
[  111.265914][ T2415] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  111.285350][ T2415] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  111.293595][ T2415] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  111.301405][ T2415] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  111.309215][ T2415] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  111.317040][ T2415] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
21:57:26 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x10000200, 0x0, 0x0, 0x0)

21:57:26 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16)

[  111.324838][ T2415] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  111.332655][ T2415]  </TASK>
[  111.350734][ T2426] FAULT_INJECTION: forcing a failure.
[  111.350734][ T2426] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  111.366977][ T2426] CPU: 0 PID: 2426 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  111.377065][ T2426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  111.383665][ T2430] FAULT_INJECTION: forcing a failure.
[  111.383665][ T2430] name failslab, interval 1, probability 0, space 0, times 0
[  111.386958][ T2426] Call Trace:
[  111.386967][ T2426]  <TASK>
[  111.386975][ T2426]  dump_stack_lvl+0x151/0x1b7
[  111.387002][ T2426]  ? io_uring_drop_tctx_refs+0x190/0x190
[  111.387022][ T2426]  ? stack_trace_save+0x113/0x1c0
[  111.420110][ T2426]  ? stack_trace_snprint+0xf0/0xf0
[  111.425059][ T2426]  ? stack_trace_snprint+0xf0/0xf0
[  111.430002][ T2426]  dump_stack+0x15/0x17
[  111.433992][ T2426]  should_fail+0x3c6/0x510
[  111.438251][ T2426]  should_fail_alloc_page+0x5a/0x80
[  111.443285][ T2426]  prepare_alloc_pages+0x15c/0x700
[  111.448255][ T2426]  ? __alloc_pages_bulk+0xe40/0xe40
[  111.453263][ T2426]  ? __kasan_check_write+0x14/0x20
[  111.458211][ T2426]  ? pcpu_memcg_post_alloc_hook+0x1b1/0x260
[  111.463944][ T2426]  __alloc_pages+0x18c/0x8f0
[  111.468375][ T2426]  ? prep_new_page+0x110/0x110
[  111.472964][ T2426]  ? pcpu_alloc+0xda0/0x13e0
[  111.477393][ T2426]  __get_free_pages+0x10/0x30
[  111.481908][ T2426]  pgd_alloc+0x21/0x2c0
[  111.485899][ T2426]  mm_init+0x5c7/0x970
[  111.489812][ T2426]  copy_mm+0x1e3/0x13e0
[  111.493796][ T2426]  ? _raw_spin_lock+0xa4/0x1b0
[  111.498398][ T2426]  ? copy_signal+0x610/0x610
[  111.502823][ T2426]  ? __kasan_check_write+0x14/0x20
[  111.507772][ T2426]  ? __init_rwsem+0xd6/0x1c0
[  111.512195][ T2426]  ? copy_signal+0x4e3/0x610
[  111.516621][ T2426]  copy_process+0x1149/0x3290
[  111.521136][ T2426]  ? proc_fail_nth_write+0x20b/0x290
[  111.526256][ T2426]  ? fsnotify_perm+0x6a/0x5d0
[  111.530768][ T2426]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  111.535714][ T2426]  ? vfs_write+0x9ec/0x1110
[  111.540058][ T2426]  kernel_clone+0x21e/0x9e0
[  111.544404][ T2426]  ? file_end_write+0x1c0/0x1c0
[  111.549082][ T2426]  ? create_io_thread+0x1e0/0x1e0
[  111.553938][ T2426]  ? mutex_unlock+0xb2/0x260
[  111.558366][ T2426]  ? __mutex_lock_slowpath+0x10/0x10
[  111.563487][ T2426]  __x64_sys_clone+0x23f/0x290
[  111.568088][ T2426]  ? __do_sys_vfork+0x130/0x130
[  111.572774][ T2426]  ? ksys_write+0x260/0x2c0
[  111.577118][ T2426]  ? debug_smp_processor_id+0x17/0x20
[  111.582323][ T2426]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  111.588226][ T2426]  ? exit_to_user_mode_prepare+0x39/0xa0
[  111.593691][ T2426]  do_syscall_64+0x3d/0xb0
[  111.597954][ T2426]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  111.603672][ T2426] RIP: 0033:0x7f7a0de6fda9
[  111.607941][ T2426] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  111.627368][ T2426] RSP: 002b:00007f7a0cbd0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  111.635609][ T2426] RAX: ffffffffffffffda RBX: 00007f7a0df9e050 RCX: 00007f7a0de6fda9
[  111.643423][ T2426] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  111.651238][ T2426] RBP: 00007f7a0cbd0120 R08: 0000000000000000 R09: 0000000000000000
[  111.659050][ T2426] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  111.666859][ T2426] R13: 000000000000006e R14: 00007f7a0df9e050 R15: 00007fffe93d3338
[  111.674676][ T2426]  </TASK>
[  111.679162][ T2430] CPU: 0 PID: 2430 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  111.689231][ T2430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  111.699125][ T2430] Call Trace:
[  111.702245][ T2430]  <TASK>
[  111.705027][ T2430]  dump_stack_lvl+0x151/0x1b7
[  111.709537][ T2430]  ? io_uring_drop_tctx_refs+0x190/0x190
[  111.715014][ T2430]  dump_stack+0x15/0x17
[  111.718999][ T2430]  should_fail+0x3c6/0x510
[  111.723252][ T2430]  __should_failslab+0xa4/0xe0
[  111.727858][ T2430]  should_failslab+0x9/0x20
[  111.732190][ T2430]  slab_pre_alloc_hook+0x37/0xd0
[  111.736967][ T2430]  __kmalloc+0x6d/0x270
[  111.740956][ T2430]  ? security_prepare_creds+0x4d/0x140
[  111.746253][ T2430]  security_prepare_creds+0x4d/0x140
[  111.751484][ T2430]  prepare_creds+0x472/0x6a0
[  111.755905][ T2430]  copy_creds+0xf0/0x630
[  111.759982][ T2430]  ? dup_task_struct+0x7e6/0xc60
[  111.764756][ T2430]  copy_process+0x7c3/0x3290
[  111.769185][ T2430]  ? __kasan_check_write+0x14/0x20
[  111.774128][ T2430]  ? proc_fail_nth_write+0x20b/0x290
[  111.779257][ T2430]  ? selinux_file_permission+0x2c4/0x570
[  111.784723][ T2430]  ? fsnotify_perm+0x6a/0x5d0
[  111.789229][ T2430]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  111.794175][ T2430]  ? vfs_write+0x9ec/0x1110
[  111.798526][ T2430]  kernel_clone+0x21e/0x9e0
[  111.802860][ T2430]  ? file_end_write+0x1c0/0x1c0
[  111.807546][ T2430]  ? create_io_thread+0x1e0/0x1e0
[  111.812404][ T2430]  ? mutex_unlock+0xb2/0x260
[  111.816831][ T2430]  ? __mutex_lock_slowpath+0x10/0x10
[  111.821950][ T2430]  __x64_sys_clone+0x23f/0x290
[  111.826550][ T2430]  ? __do_sys_vfork+0x130/0x130
[  111.831239][ T2430]  ? ksys_write+0x260/0x2c0
[  111.835577][ T2430]  ? debug_smp_processor_id+0x17/0x20
[  111.840792][ T2430]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  111.846684][ T2430]  ? exit_to_user_mode_prepare+0x39/0xa0
[  111.852156][ T2430]  do_syscall_64+0x3d/0xb0
[  111.856408][ T2430]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  111.862137][ T2430] RIP: 0033:0x7faae203fda9
[  111.866391][ T2430] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  111.885835][ T2430] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  111.894077][ T2430] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  111.901887][ T2430] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  111.909695][ T2430] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  111.917512][ T2430] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
21:57:26 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:26 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x1f000000, 0x0, 0x0, 0x0)

21:57:26 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  111.925321][ T2430] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  111.933135][ T2430]  </TASK>
21:57:26 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x1ffff000, 0x0, 0x0, 0x0)

21:57:26 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17)

[  112.002522][ T2437] FAULT_INJECTION: forcing a failure.
[  112.002522][ T2437] name failslab, interval 1, probability 0, space 0, times 0
[  112.015084][ T2437] CPU: 1 PID: 2437 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  112.025158][ T2437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  112.035050][ T2437] Call Trace:
[  112.038171][ T2437]  <TASK>
[  112.040948][ T2437]  dump_stack_lvl+0x151/0x1b7
[  112.045464][ T2437]  ? io_uring_drop_tctx_refs+0x190/0x190
[  112.050930][ T2437]  ? avc_has_perm_noaudit+0x348/0x430
[  112.056141][ T2437]  dump_stack+0x15/0x17
[  112.060147][ T2437]  should_fail+0x3c6/0x510
[  112.064384][ T2437]  __should_failslab+0xa4/0xe0
[  112.068980][ T2437]  ? dup_fd+0x72/0xb00
[  112.072883][ T2437]  should_failslab+0x9/0x20
[  112.077222][ T2437]  slab_pre_alloc_hook+0x37/0xd0
[  112.081996][ T2437]  ? dup_fd+0x72/0xb00
[  112.085901][ T2437]  kmem_cache_alloc+0x44/0x200
[  112.090509][ T2437]  dup_fd+0x72/0xb00
[  112.094234][ T2437]  ? avc_has_perm+0x16f/0x260
[  112.098748][ T2437]  ? avc_has_perm_noaudit+0x430/0x430
[  112.103956][ T2437]  copy_files+0xe6/0x200
[  112.108034][ T2437]  ? perf_event_attrs+0x30/0x30
[  112.112726][ T2437]  ? dup_task_struct+0xc60/0xc60
[  112.117498][ T2437]  ? security_task_alloc+0xf9/0x130
[  112.122530][ T2437]  copy_process+0x1080/0x3290
[  112.127050][ T2437]  ? proc_fail_nth_write+0x20b/0x290
[  112.132169][ T2437]  ? fsnotify_perm+0x6a/0x5d0
[  112.136680][ T2437]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  112.141629][ T2437]  ? vfs_write+0x9ec/0x1110
[  112.145969][ T2437]  kernel_clone+0x21e/0x9e0
[  112.150306][ T2437]  ? file_end_write+0x1c0/0x1c0
[  112.154992][ T2437]  ? create_io_thread+0x1e0/0x1e0
[  112.159851][ T2437]  ? mutex_unlock+0xb2/0x260
[  112.164282][ T2437]  ? __mutex_lock_slowpath+0x10/0x10
[  112.169400][ T2437]  __x64_sys_clone+0x23f/0x290
[  112.173999][ T2437]  ? __do_sys_vfork+0x130/0x130
[  112.178689][ T2437]  ? ksys_write+0x260/0x2c0
[  112.183033][ T2437]  ? debug_smp_processor_id+0x17/0x20
[  112.188235][ T2437]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  112.194135][ T2437]  ? exit_to_user_mode_prepare+0x39/0xa0
[  112.199604][ T2437]  do_syscall_64+0x3d/0xb0
[  112.203855][ T2437]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  112.209587][ T2437] RIP: 0033:0x7faae203fda9
[  112.213843][ T2437] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  112.233279][ T2437] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  112.241526][ T2437] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
21:57:27 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14)

[  112.249335][ T2437] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  112.257148][ T2437] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  112.264962][ T2437] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  112.272773][ T2437] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  112.280588][ T2437]  </TASK>
21:57:27 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18)

21:57:27 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x20000000, 0x0, 0x0, 0x0)

[  112.299059][ T2446] FAULT_INJECTION: forcing a failure.
[  112.299059][ T2446] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  112.331947][ T2448] FAULT_INJECTION: forcing a failure.
[  112.331947][ T2448] name failslab, interval 1, probability 0, space 0, times 0
[  112.339559][ T2446] CPU: 0 PID: 2446 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  112.354527][ T2446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  112.364414][ T2446] Call Trace:
[  112.367548][ T2446]  <TASK>
[  112.370320][ T2446]  dump_stack_lvl+0x151/0x1b7
[  112.374836][ T2446]  ? io_uring_drop_tctx_refs+0x190/0x190
[  112.380304][ T2446]  ? __stack_depot_save+0x34/0x470
[  112.385246][ T2446]  dump_stack+0x15/0x17
[  112.389237][ T2446]  should_fail+0x3c6/0x510
[  112.393493][ T2446]  should_fail_alloc_page+0x5a/0x80
[  112.398530][ T2446]  prepare_alloc_pages+0x15c/0x700
[  112.403476][ T2446]  ? __alloc_pages+0x8f0/0x8f0
[  112.408073][ T2446]  ? __alloc_pages_bulk+0xe40/0xe40
[  112.413107][ T2446]  __alloc_pages+0x18c/0x8f0
[  112.417534][ T2446]  ? prep_new_page+0x110/0x110
[  112.422133][ T2446]  ? __kasan_kmalloc+0x9/0x10
[  112.426645][ T2446]  ? __kmalloc+0x13a/0x270
[  112.430897][ T2446]  ? __vmalloc_node_range+0x2d6/0x8d0
[  112.436111][ T2446]  __vmalloc_node_range+0x482/0x8d0
[  112.441147][ T2446]  dup_task_struct+0x416/0xc60
[  112.445742][ T2446]  ? copy_process+0x5c4/0x3290
[  112.450342][ T2446]  ? __kasan_check_write+0x14/0x20
[  112.455289][ T2446]  copy_process+0x5c4/0x3290
[  112.459717][ T2446]  ? __kasan_check_write+0x14/0x20
[  112.464659][ T2446]  ? proc_fail_nth_write+0x20b/0x290
[  112.469784][ T2446]  ? selinux_file_permission+0x2c4/0x570
[  112.475249][ T2446]  ? fsnotify_perm+0x6a/0x5d0
[  112.479761][ T2446]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  112.484711][ T2446]  ? vfs_write+0x9ec/0x1110
[  112.489052][ T2446]  kernel_clone+0x21e/0x9e0
[  112.493385][ T2446]  ? file_end_write+0x1c0/0x1c0
[  112.498076][ T2446]  ? create_io_thread+0x1e0/0x1e0
[  112.502935][ T2446]  ? mutex_unlock+0xb2/0x260
[  112.507373][ T2446]  ? __mutex_lock_slowpath+0x10/0x10
[  112.512495][ T2446]  __x64_sys_clone+0x23f/0x290
[  112.517083][ T2446]  ? __do_sys_vfork+0x130/0x130
[  112.521770][ T2446]  ? ksys_write+0x260/0x2c0
[  112.526126][ T2446]  ? debug_smp_processor_id+0x17/0x20
[  112.531316][ T2446]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  112.537218][ T2446]  ? exit_to_user_mode_prepare+0x39/0xa0
[  112.542692][ T2446]  do_syscall_64+0x3d/0xb0
[  112.546987][ T2446]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  112.552678][ T2446] RIP: 0033:0x7f7a0de6fda9
[  112.556924][ T2446] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  112.576362][ T2446] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  112.584606][ T2446] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  112.592420][ T2446] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
21:57:27 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  112.600232][ T2446] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  112.608175][ T2446] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  112.615968][ T2446] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  112.623790][ T2446]  </TASK>
[  112.627671][ T2448] CPU: 1 PID: 2448 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  112.637747][ T2448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  112.647644][ T2448] Call Trace:
[  112.650763][ T2448]  <TASK>
[  112.653538][ T2448]  dump_stack_lvl+0x151/0x1b7
[  112.658051][ T2448]  ? io_uring_drop_tctx_refs+0x190/0x190
[  112.663521][ T2448]  dump_stack+0x15/0x17
[  112.667511][ T2448]  should_fail+0x3c6/0x510
[  112.671763][ T2448]  __should_failslab+0xa4/0xe0
[  112.676363][ T2448]  ? anon_vma_fork+0x1df/0x4e0
[  112.680966][ T2448]  should_failslab+0x9/0x20
[  112.685305][ T2448]  slab_pre_alloc_hook+0x37/0xd0
[  112.690080][ T2448]  ? anon_vma_fork+0x1df/0x4e0
[  112.694681][ T2448]  kmem_cache_alloc+0x44/0x200
[  112.699280][ T2448]  anon_vma_fork+0x1df/0x4e0
[  112.703706][ T2448]  copy_mm+0xa3a/0x13e0
[  112.707701][ T2448]  ? copy_signal+0x610/0x610
[  112.712122][ T2448]  ? __init_rwsem+0xd6/0x1c0
[  112.716549][ T2448]  ? copy_signal+0x4e3/0x610
[  112.720979][ T2448]  copy_process+0x1149/0x3290
[  112.725493][ T2448]  ? proc_fail_nth_write+0x20b/0x290
[  112.730609][ T2448]  ? fsnotify_perm+0x6a/0x5d0
[  112.735123][ T2448]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  112.740068][ T2448]  ? vfs_write+0x9ec/0x1110
[  112.744410][ T2448]  kernel_clone+0x21e/0x9e0
[  112.748750][ T2448]  ? file_end_write+0x1c0/0x1c0
[  112.753434][ T2448]  ? create_io_thread+0x1e0/0x1e0
[  112.758295][ T2448]  ? mutex_unlock+0xb2/0x260
[  112.762727][ T2448]  ? __mutex_lock_slowpath+0x10/0x10
[  112.767857][ T2448]  __x64_sys_clone+0x23f/0x290
[  112.772448][ T2448]  ? __do_sys_vfork+0x130/0x130
[  112.777130][ T2448]  ? ksys_write+0x260/0x2c0
[  112.781478][ T2448]  ? debug_smp_processor_id+0x17/0x20
[  112.786678][ T2448]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  112.792582][ T2448]  ? exit_to_user_mode_prepare+0x39/0xa0
[  112.798052][ T2448]  do_syscall_64+0x3d/0xb0
[  112.802309][ T2448]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  112.808034][ T2448] RIP: 0033:0x7faae203fda9
[  112.812284][ T2448] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  112.831728][ T2448] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  112.840155][ T2448] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  112.847971][ T2448] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
21:57:27 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15)

21:57:27 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19)

21:57:27 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x806702a0, 0x0, 0x0, 0x0)

[  112.855778][ T2448] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  112.863589][ T2448] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  112.871399][ T2448] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  112.879215][ T2448]  </TASK>
21:57:27 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  112.918311][ T2456] FAULT_INJECTION: forcing a failure.
[  112.918311][ T2456] name failslab, interval 1, probability 0, space 0, times 0
[  112.934791][ T2456] CPU: 1 PID: 2456 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  112.944875][ T2456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  112.954773][ T2456] Call Trace:
[  112.957967][ T2456]  <TASK>
[  112.958606][ T2459] FAULT_INJECTION: forcing a failure.
[  112.958606][ T2459] name failslab, interval 1, probability 0, space 0, times 0
[  112.960666][ T2456]  dump_stack_lvl+0x151/0x1b7
[  112.960695][ T2456]  ? io_uring_drop_tctx_refs+0x190/0x190
[  112.983065][ T2456]  ? avc_denied+0x1b0/0x1b0
[  112.987405][ T2456]  dump_stack+0x15/0x17
[  112.991405][ T2456]  should_fail+0x3c6/0x510
[  112.995654][ T2456]  __should_failslab+0xa4/0xe0
[  113.000249][ T2456]  ? vm_area_dup+0x26/0x230
[  113.004586][ T2456]  should_failslab+0x9/0x20
[  113.008927][ T2456]  slab_pre_alloc_hook+0x37/0xd0
[  113.013698][ T2456]  ? vm_area_dup+0x26/0x230
[  113.018035][ T2456]  kmem_cache_alloc+0x44/0x200
[  113.022637][ T2456]  vm_area_dup+0x26/0x230
[  113.026806][ T2456]  copy_mm+0x9a1/0x13e0
[  113.030802][ T2456]  ? copy_signal+0x610/0x610
[  113.035221][ T2456]  ? __init_rwsem+0xd6/0x1c0
[  113.039662][ T2456]  ? copy_signal+0x4e3/0x610
[  113.044075][ T2456]  copy_process+0x1149/0x3290
[  113.048589][ T2456]  ? proc_fail_nth_write+0x20b/0x290
[  113.053709][ T2456]  ? fsnotify_perm+0x6a/0x5d0
[  113.058227][ T2456]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  113.063170][ T2456]  ? vfs_write+0x9ec/0x1110
[  113.067511][ T2456]  kernel_clone+0x21e/0x9e0
[  113.071851][ T2456]  ? file_end_write+0x1c0/0x1c0
[  113.076537][ T2456]  ? create_io_thread+0x1e0/0x1e0
[  113.081395][ T2456]  ? mutex_unlock+0xb2/0x260
[  113.085824][ T2456]  ? __mutex_lock_slowpath+0x10/0x10
[  113.090948][ T2456]  __x64_sys_clone+0x23f/0x290
[  113.095545][ T2456]  ? __do_sys_vfork+0x130/0x130
[  113.100226][ T2456]  ? ksys_write+0x260/0x2c0
[  113.104570][ T2456]  ? debug_smp_processor_id+0x17/0x20
[  113.109780][ T2456]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  113.115680][ T2456]  ? exit_to_user_mode_prepare+0x39/0xa0
[  113.121145][ T2456]  do_syscall_64+0x3d/0xb0
[  113.125397][ T2456]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  113.131123][ T2456] RIP: 0033:0x7f7a0de6fda9
[  113.135379][ T2456] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  113.154822][ T2456] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  113.163065][ T2456] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  113.170878][ T2456] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  113.178689][ T2456] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  113.186508][ T2456] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  113.194315][ T2456] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  113.202127][ T2456]  </TASK>
[  113.209676][ T2459] CPU: 0 PID: 2459 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  113.219759][ T2459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  113.229651][ T2459] Call Trace:
[  113.232772][ T2459]  <TASK>
[  113.235551][ T2459]  dump_stack_lvl+0x151/0x1b7
[  113.240060][ T2459]  ? io_uring_drop_tctx_refs+0x190/0x190
[  113.245530][ T2459]  ? __kasan_kmalloc+0x9/0x10
[  113.250047][ T2459]  ? alloc_fdtable+0xaf/0x2a0
[  113.254558][ T2459]  ? dup_fd+0x759/0xb00
[  113.258546][ T2459]  ? copy_files+0xe6/0x200
[  113.262805][ T2459]  ? kernel_clone+0x21e/0x9e0
[  113.267316][ T2459]  ? __x64_sys_clone+0x23f/0x290
[  113.272090][ T2459]  ? do_syscall_64+0x3d/0xb0
[  113.276513][ T2459]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  113.282422][ T2459]  dump_stack+0x15/0x17
[  113.286413][ T2459]  should_fail+0x3c6/0x510
[  113.290668][ T2459]  __should_failslab+0xa4/0xe0
[  113.295267][ T2459]  should_failslab+0x9/0x20
[  113.299603][ T2459]  slab_pre_alloc_hook+0x37/0xd0
[  113.304379][ T2459]  __kmalloc+0x6d/0x270
[  113.308374][ T2459]  ? kvmalloc_node+0x1f0/0x4d0
[  113.312967][ T2459]  kvmalloc_node+0x1f0/0x4d0
[  113.317397][ T2459]  ? vm_mmap+0xb0/0xb0
[  113.321306][ T2459]  ? __kasan_kmalloc+0x9/0x10
[  113.325818][ T2459]  ? kmem_cache_alloc_trace+0x115/0x210
[  113.331194][ T2459]  ? alloc_fdtable+0xaf/0x2a0
[  113.335709][ T2459]  alloc_fdtable+0xeb/0x2a0
[  113.340049][ T2459]  dup_fd+0x759/0xb00
[  113.343866][ T2459]  ? avc_has_perm+0x16f/0x260
[  113.348389][ T2459]  copy_files+0xe6/0x200
[  113.352457][ T2459]  ? perf_event_attrs+0x30/0x30
[  113.357145][ T2459]  ? dup_task_struct+0xc60/0xc60
[  113.361920][ T2459]  ? security_task_alloc+0xf9/0x130
[  113.366976][ T2459]  copy_process+0x1080/0x3290
[  113.371470][ T2459]  ? proc_fail_nth_write+0x20b/0x290
[  113.376595][ T2459]  ? fsnotify_perm+0x6a/0x5d0
[  113.381101][ T2459]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  113.386045][ T2459]  ? vfs_write+0x9ec/0x1110
[  113.390389][ T2459]  kernel_clone+0x21e/0x9e0
[  113.394744][ T2459]  ? file_end_write+0x1c0/0x1c0
[  113.399417][ T2459]  ? create_io_thread+0x1e0/0x1e0
[  113.404279][ T2459]  ? mutex_unlock+0xb2/0x260
[  113.408708][ T2459]  ? __mutex_lock_slowpath+0x10/0x10
[  113.413820][ T2459]  __x64_sys_clone+0x23f/0x290
[  113.418420][ T2459]  ? __do_sys_vfork+0x130/0x130
[  113.423107][ T2459]  ? ksys_write+0x260/0x2c0
[  113.427450][ T2459]  ? debug_smp_processor_id+0x17/0x20
[  113.432652][ T2459]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  113.438553][ T2459]  ? exit_to_user_mode_prepare+0x39/0xa0
[  113.444023][ T2459]  do_syscall_64+0x3d/0xb0
[  113.448276][ T2459]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  113.454003][ T2459] RIP: 0033:0x7faae203fda9
[  113.458259][ T2459] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  113.477697][ T2459] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  113.485949][ T2459] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  113.493752][ T2459] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  113.501564][ T2459] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  113.509378][ T2459] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
21:57:28 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16)

21:57:28 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20)

21:57:28 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0xa0026780, 0x0, 0x0, 0x0)

[  113.517186][ T2459] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  113.525002][ T2459]  </TASK>
[  113.549976][ T2467] FAULT_INJECTION: forcing a failure.
[  113.549976][ T2467] name failslab, interval 1, probability 0, space 0, times 0
[  113.576486][ T2470] FAULT_INJECTION: forcing a failure.
[  113.576486][ T2470] name failslab, interval 1, probability 0, space 0, times 0
[  113.577499][ T2467] CPU: 0 PID: 2467 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  113.598975][ T2467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  113.608869][ T2467] Call Trace:
[  113.611991][ T2467]  <TASK>
[  113.614770][ T2467]  dump_stack_lvl+0x151/0x1b7
[  113.619286][ T2467]  ? io_uring_drop_tctx_refs+0x190/0x190
[  113.624760][ T2467]  dump_stack+0x15/0x17
[  113.628741][ T2467]  should_fail+0x3c6/0x510
[  113.632998][ T2467]  __should_failslab+0xa4/0xe0
[  113.637603][ T2467]  ? anon_vma_clone+0x9a/0x500
[  113.642195][ T2467]  should_failslab+0x9/0x20
[  113.646533][ T2467]  slab_pre_alloc_hook+0x37/0xd0
[  113.651311][ T2467]  ? anon_vma_clone+0x9a/0x500
[  113.655910][ T2467]  kmem_cache_alloc+0x44/0x200
[  113.660513][ T2467]  anon_vma_clone+0x9a/0x500
[  113.664939][ T2467]  anon_vma_fork+0x91/0x4e0
[  113.669272][ T2467]  ? anon_vma_name+0x4c/0x70
[  113.673700][ T2467]  ? vm_area_dup+0x17a/0x230
[  113.678127][ T2467]  copy_mm+0xa3a/0x13e0
[  113.682123][ T2467]  ? copy_signal+0x610/0x610
[  113.686546][ T2467]  ? __init_rwsem+0xd6/0x1c0
[  113.690971][ T2467]  ? copy_signal+0x4e3/0x610
[  113.695401][ T2467]  copy_process+0x1149/0x3290
[  113.699929][ T2467]  ? proc_fail_nth_write+0x20b/0x290
[  113.705032][ T2467]  ? fsnotify_perm+0x6a/0x5d0
[  113.709548][ T2467]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  113.714495][ T2467]  ? vfs_write+0x9ec/0x1110
[  113.718833][ T2467]  kernel_clone+0x21e/0x9e0
[  113.723174][ T2467]  ? file_end_write+0x1c0/0x1c0
[  113.727870][ T2467]  ? create_io_thread+0x1e0/0x1e0
[  113.732720][ T2467]  ? mutex_unlock+0xb2/0x260
[  113.737150][ T2467]  ? __mutex_lock_slowpath+0x10/0x10
[  113.742269][ T2467]  __x64_sys_clone+0x23f/0x290
[  113.746869][ T2467]  ? __do_sys_vfork+0x130/0x130
[  113.751551][ T2467]  ? ksys_write+0x260/0x2c0
[  113.755897][ T2467]  ? debug_smp_processor_id+0x17/0x20
[  113.761104][ T2467]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  113.767003][ T2467]  ? exit_to_user_mode_prepare+0x39/0xa0
[  113.772476][ T2467]  do_syscall_64+0x3d/0xb0
[  113.776737][ T2467]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  113.782453][ T2467] RIP: 0033:0x7f7a0de6fda9
[  113.786722][ T2467] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  113.806149][ T2467] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  113.814393][ T2467] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  113.822204][ T2467] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  113.830016][ T2467] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  113.837827][ T2467] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  113.845640][ T2467] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  113.853454][ T2467]  </TASK>
[  113.856314][ T2470] CPU: 1 PID: 2470 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  113.866381][ T2470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  113.876275][ T2470] Call Trace:
[  113.879401][ T2470]  <TASK>
[  113.882182][ T2470]  dump_stack_lvl+0x151/0x1b7
[  113.886693][ T2470]  ? io_uring_drop_tctx_refs+0x190/0x190
[  113.892160][ T2470]  dump_stack+0x15/0x17
[  113.896152][ T2470]  should_fail+0x3c6/0x510
[  113.900405][ T2470]  __should_failslab+0xa4/0xe0
[  113.905001][ T2470]  should_failslab+0x9/0x20
[  113.909343][ T2470]  slab_pre_alloc_hook+0x37/0xd0
[  113.914116][ T2470]  __kmalloc+0x6d/0x270
[  113.918108][ T2470]  ? kvmalloc_node+0x1f0/0x4d0
[  113.922709][ T2470]  kvmalloc_node+0x1f0/0x4d0
[  113.927136][ T2470]  ? vm_mmap+0xb0/0xb0
[  113.931040][ T2470]  ? __kasan_kmalloc+0x9/0x10
[  113.935554][ T2470]  ? kmem_cache_alloc_trace+0x115/0x210
[  113.940934][ T2470]  ? alloc_fdtable+0xaf/0x2a0
[  113.945448][ T2470]  alloc_fdtable+0x163/0x2a0
[  113.949878][ T2470]  dup_fd+0x759/0xb00
[  113.953692][ T2470]  ? avc_has_perm+0x16f/0x260
[  113.958212][ T2470]  copy_files+0xe6/0x200
[  113.962286][ T2470]  ? perf_event_attrs+0x30/0x30
[  113.966973][ T2470]  ? dup_task_struct+0xc60/0xc60
[  113.971750][ T2470]  ? security_task_alloc+0xf9/0x130
[  113.976786][ T2470]  copy_process+0x1080/0x3290
[  113.981296][ T2470]  ? proc_fail_nth_write+0x20b/0x290
[  113.986414][ T2470]  ? fsnotify_perm+0x6a/0x5d0
[  113.990931][ T2470]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  113.995961][ T2470]  ? vfs_write+0x9ec/0x1110
[  114.000301][ T2470]  kernel_clone+0x21e/0x9e0
[  114.004641][ T2470]  ? file_end_write+0x1c0/0x1c0
[  114.009336][ T2470]  ? create_io_thread+0x1e0/0x1e0
[  114.014190][ T2470]  ? mutex_unlock+0xb2/0x260
[  114.018613][ T2470]  ? __mutex_lock_slowpath+0x10/0x10
[  114.023738][ T2470]  __x64_sys_clone+0x23f/0x290
[  114.028337][ T2470]  ? __do_sys_vfork+0x130/0x130
[  114.033021][ T2470]  ? ksys_write+0x260/0x2c0
[  114.037364][ T2470]  ? debug_smp_processor_id+0x17/0x20
[  114.042571][ T2470]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  114.048473][ T2470]  ? exit_to_user_mode_prepare+0x39/0xa0
[  114.053940][ T2470]  do_syscall_64+0x3d/0xb0
[  114.058203][ T2470]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  114.063919][ T2470] RIP: 0033:0x7faae203fda9
[  114.068175][ T2470] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  114.087617][ T2470] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  114.095863][ T2470] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  114.103672][ T2470] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  114.111483][ T2470] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  114.119293][ T2470] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
21:57:28 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:28 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21)

[  114.127107][ T2470] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  114.134918][ T2470]  </TASK>
21:57:29 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0xf5ffffff, 0x0, 0x0, 0x0)

21:57:29 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  114.174391][ T2474] FAULT_INJECTION: forcing a failure.
[  114.174391][ T2474] name failslab, interval 1, probability 0, space 0, times 0
[  114.200325][ T2474] CPU: 0 PID: 2474 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  114.210413][ T2474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  114.220294][ T2474] Call Trace:
[  114.223420][ T2474]  <TASK>
[  114.226197][ T2474]  dump_stack_lvl+0x151/0x1b7
[  114.230709][ T2474]  ? io_uring_drop_tctx_refs+0x190/0x190
[  114.236178][ T2474]  ? __kasan_check_write+0x14/0x20
[  114.241123][ T2474]  ? _raw_spin_lock+0xa4/0x1b0
[  114.245723][ T2474]  ? _raw_spin_trylock_bh+0x190/0x190
[  114.250933][ T2474]  dump_stack+0x15/0x17
[  114.254924][ T2474]  should_fail+0x3c6/0x510
[  114.259177][ T2474]  __should_failslab+0xa4/0xe0
[  114.263776][ T2474]  ? copy_fs_struct+0x4e/0x230
[  114.268379][ T2474]  should_failslab+0x9/0x20
[  114.272724][ T2474]  slab_pre_alloc_hook+0x37/0xd0
[  114.277489][ T2474]  ? copy_fs_struct+0x4e/0x230
[  114.282089][ T2474]  kmem_cache_alloc+0x44/0x200
[  114.286692][ T2474]  copy_fs_struct+0x4e/0x230
[  114.291120][ T2474]  copy_fs+0x71/0x140
[  114.294936][ T2474]  copy_process+0x10ab/0x3290
[  114.299451][ T2474]  ? proc_fail_nth_write+0x20b/0x290
[  114.304572][ T2474]  ? fsnotify_perm+0x6a/0x5d0
[  114.309082][ T2474]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  114.314115][ T2474]  ? vfs_write+0x9ec/0x1110
[  114.318456][ T2474]  kernel_clone+0x21e/0x9e0
[  114.322798][ T2474]  ? file_end_write+0x1c0/0x1c0
[  114.327483][ T2474]  ? create_io_thread+0x1e0/0x1e0
[  114.332343][ T2474]  ? mutex_unlock+0xb2/0x260
[  114.336772][ T2474]  ? __mutex_lock_slowpath+0x10/0x10
[  114.341891][ T2474]  __x64_sys_clone+0x23f/0x290
[  114.346490][ T2474]  ? __do_sys_vfork+0x130/0x130
[  114.351177][ T2474]  ? ksys_write+0x260/0x2c0
[  114.355518][ T2474]  ? debug_smp_processor_id+0x17/0x20
[  114.360724][ T2474]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  114.366634][ T2474]  ? exit_to_user_mode_prepare+0x39/0xa0
[  114.372093][ T2474]  do_syscall_64+0x3d/0xb0
[  114.376346][ T2474]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  114.382076][ T2474] RIP: 0033:0x7faae203fda9
[  114.386329][ T2474] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  114.405775][ T2474] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  114.414013][ T2474] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
21:57:29 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17)

[  114.421826][ T2474] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  114.429639][ T2474] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  114.437452][ T2474] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  114.445262][ T2474] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  114.453076][ T2474]  </TASK>
21:57:29 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0xfbffffff, 0x0, 0x0, 0x0)

[  114.471147][ T2480] FAULT_INJECTION: forcing a failure.
[  114.471147][ T2480] name failslab, interval 1, probability 0, space 0, times 0
[  114.487775][ T2480] CPU: 1 PID: 2480 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  114.497858][ T2480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  114.507751][ T2480] Call Trace:
[  114.510890][ T2480]  <TASK>
[  114.513654][ T2480]  dump_stack_lvl+0x151/0x1b7
[  114.518162][ T2480]  ? io_uring_drop_tctx_refs+0x190/0x190
21:57:29 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22)

[  114.523637][ T2480]  ? avc_has_perm_noaudit+0x348/0x430
[  114.528841][ T2480]  dump_stack+0x15/0x17
[  114.532829][ T2480]  should_fail+0x3c6/0x510
[  114.537084][ T2480]  __should_failslab+0xa4/0xe0
[  114.541684][ T2480]  ? dup_fd+0x72/0xb00
[  114.545590][ T2480]  should_failslab+0x9/0x20
[  114.549931][ T2480]  slab_pre_alloc_hook+0x37/0xd0
[  114.554703][ T2480]  ? dup_fd+0x72/0xb00
[  114.558610][ T2480]  kmem_cache_alloc+0x44/0x200
[  114.563210][ T2480]  dup_fd+0x72/0xb00
[  114.566941][ T2480]  ? avc_has_perm+0x16f/0x260
[  114.571456][ T2480]  ? avc_has_perm_noaudit+0x430/0x430
[  114.576678][ T2480]  copy_files+0xe6/0x200
[  114.580740][ T2480]  ? perf_event_attrs+0x30/0x30
[  114.585428][ T2480]  ? dup_task_struct+0xc60/0xc60
[  114.590207][ T2480]  ? security_task_alloc+0xf9/0x130
[  114.595240][ T2480]  copy_process+0x1080/0x3290
[  114.599752][ T2480]  ? proc_fail_nth_write+0x20b/0x290
[  114.604871][ T2480]  ? fsnotify_perm+0x6a/0x5d0
[  114.609400][ T2480]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  114.614331][ T2480]  ? vfs_write+0x9ec/0x1110
[  114.618674][ T2480]  kernel_clone+0x21e/0x9e0
[  114.623008][ T2480]  ? file_end_write+0x1c0/0x1c0
[  114.627698][ T2480]  ? create_io_thread+0x1e0/0x1e0
[  114.632562][ T2480]  ? mutex_unlock+0xb2/0x260
[  114.636987][ T2480]  ? __mutex_lock_slowpath+0x10/0x10
[  114.642106][ T2480]  __x64_sys_clone+0x23f/0x290
[  114.646708][ T2480]  ? __do_sys_vfork+0x130/0x130
[  114.651388][ T2480]  ? ksys_write+0x260/0x2c0
[  114.655731][ T2480]  ? debug_smp_processor_id+0x17/0x20
[  114.660937][ T2480]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  114.666835][ T2480]  ? exit_to_user_mode_prepare+0x39/0xa0
[  114.672304][ T2480]  do_syscall_64+0x3d/0xb0
[  114.676562][ T2480]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  114.682308][ T2480] RIP: 0033:0x7f7a0de6fda9
[  114.686542][ T2480] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  114.705982][ T2480] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  114.714225][ T2480] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
21:57:29 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  114.722036][ T2480] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  114.729847][ T2480] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  114.737660][ T2480] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  114.745467][ T2480] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  114.753289][ T2480]  </TASK>
[  114.779873][ T2488] FAULT_INJECTION: forcing a failure.
[  114.779873][ T2488] name failslab, interval 1, probability 0, space 0, times 0
[  114.801775][ T2488] CPU: 1 PID: 2488 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  114.811862][ T2488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  114.821757][ T2488] Call Trace:
[  114.824877][ T2488]  <TASK>
[  114.827659][ T2488]  dump_stack_lvl+0x151/0x1b7
[  114.832166][ T2488]  ? io_uring_drop_tctx_refs+0x190/0x190
[  114.837637][ T2488]  dump_stack+0x15/0x17
[  114.841625][ T2488]  should_fail+0x3c6/0x510
[  114.845877][ T2488]  __should_failslab+0xa4/0xe0
[  114.850681][ T2488]  ? copy_sighand+0x54/0x250
[  114.855108][ T2488]  should_failslab+0x9/0x20
[  114.859441][ T2488]  slab_pre_alloc_hook+0x37/0xd0
[  114.864214][ T2488]  ? copy_sighand+0x54/0x250
[  114.868638][ T2488]  kmem_cache_alloc+0x44/0x200
[  114.873239][ T2488]  copy_sighand+0x54/0x250
[  114.877498][ T2488]  copy_process+0x10d6/0x3290
[  114.882007][ T2488]  ? proc_fail_nth_write+0x20b/0x290
[  114.887127][ T2488]  ? fsnotify_perm+0x6a/0x5d0
[  114.891651][ T2488]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  114.896585][ T2488]  ? vfs_write+0x9ec/0x1110
[  114.900926][ T2488]  kernel_clone+0x21e/0x9e0
[  114.905266][ T2488]  ? file_end_write+0x1c0/0x1c0
[  114.909953][ T2488]  ? create_io_thread+0x1e0/0x1e0
[  114.914811][ T2488]  ? mutex_unlock+0xb2/0x260
[  114.919237][ T2488]  ? __mutex_lock_slowpath+0x10/0x10
[  114.924358][ T2488]  __x64_sys_clone+0x23f/0x290
[  114.928958][ T2488]  ? __do_sys_vfork+0x130/0x130
[  114.933646][ T2488]  ? ksys_write+0x260/0x2c0
[  114.937996][ T2488]  ? debug_smp_processor_id+0x17/0x20
[  114.943190][ T2488]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  114.949096][ T2488]  ? exit_to_user_mode_prepare+0x39/0xa0
[  114.954572][ T2488]  do_syscall_64+0x3d/0xb0
[  114.958822][ T2488]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  114.964548][ T2488] RIP: 0033:0x7faae203fda9
[  114.968798][ T2488] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  114.988242][ T2488] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  114.996495][ T2488] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  115.004302][ T2488] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  115.012105][ T2488] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  115.019916][ T2488] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
21:57:29 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18)

21:57:29 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0xff0f0100, 0x0, 0x0, 0x0)

21:57:29 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23)

[  115.027728][ T2488] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  115.035548][ T2488]  </TASK>
[  115.066219][ T2492] FAULT_INJECTION: forcing a failure.
[  115.066219][ T2492] name failslab, interval 1, probability 0, space 0, times 0
[  115.086783][ T2492] CPU: 0 PID: 2492 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  115.096874][ T2492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  115.106773][ T2492] Call Trace:
[  115.109892][ T2492]  <TASK>
[  115.112668][ T2492]  dump_stack_lvl+0x151/0x1b7
[  115.117182][ T2492]  ? io_uring_drop_tctx_refs+0x190/0x190
[  115.122651][ T2492]  dump_stack+0x15/0x17
[  115.126642][ T2492]  should_fail+0x3c6/0x510
[  115.130896][ T2492]  __should_failslab+0xa4/0xe0
[  115.135494][ T2492]  should_failslab+0x9/0x20
[  115.139833][ T2492]  slab_pre_alloc_hook+0x37/0xd0
[  115.144612][ T2492]  kmem_cache_alloc_trace+0x48/0x210
[  115.149735][ T2492]  ? alloc_fdtable+0xaf/0x2a0
[  115.149849][ T2496] FAULT_INJECTION: forcing a failure.
[  115.149849][ T2496] name failslab, interval 1, probability 0, space 0, times 0
[  115.154237][ T2492]  alloc_fdtable+0xaf/0x2a0
[  115.154268][ T2492]  dup_fd+0x759/0xb00
[  115.174823][ T2492]  ? avc_has_perm+0x16f/0x260
[  115.179330][ T2492]  copy_files+0xe6/0x200
[  115.183412][ T2492]  ? perf_event_attrs+0x30/0x30
[  115.188091][ T2492]  ? dup_task_struct+0xc60/0xc60
[  115.192863][ T2492]  ? security_task_alloc+0xf9/0x130
[  115.197909][ T2492]  copy_process+0x1080/0x3290
[  115.202412][ T2492]  ? proc_fail_nth_write+0x20b/0x290
[  115.207540][ T2492]  ? fsnotify_perm+0x6a/0x5d0
[  115.212044][ T2492]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  115.216990][ T2492]  ? vfs_write+0x9ec/0x1110
[  115.221334][ T2492]  kernel_clone+0x21e/0x9e0
[  115.225669][ T2492]  ? file_end_write+0x1c0/0x1c0
[  115.230360][ T2492]  ? create_io_thread+0x1e0/0x1e0
[  115.235216][ T2492]  ? mutex_unlock+0xb2/0x260
[  115.239649][ T2492]  ? __mutex_lock_slowpath+0x10/0x10
[  115.244773][ T2492]  __x64_sys_clone+0x23f/0x290
[  115.249369][ T2492]  ? __do_sys_vfork+0x130/0x130
[  115.254050][ T2492]  ? ksys_write+0x260/0x2c0
[  115.258390][ T2492]  ? debug_smp_processor_id+0x17/0x20
[  115.263601][ T2492]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  115.269502][ T2492]  ? exit_to_user_mode_prepare+0x39/0xa0
[  115.274971][ T2492]  do_syscall_64+0x3d/0xb0
[  115.279219][ T2492]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  115.284946][ T2492] RIP: 0033:0x7f7a0de6fda9
[  115.289199][ T2492] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  115.308644][ T2492] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  115.316888][ T2492] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  115.324700][ T2492] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  115.332509][ T2492] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  115.340335][ T2492] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  115.348163][ T2492] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  115.355951][ T2492]  </TASK>
[  115.358814][ T2496] CPU: 1 PID: 2496 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  115.368877][ T2496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  115.378773][ T2496] Call Trace:
[  115.381894][ T2496]  <TASK>
[  115.384673][ T2496]  dump_stack_lvl+0x151/0x1b7
[  115.389183][ T2496]  ? io_uring_drop_tctx_refs+0x190/0x190
[  115.394656][ T2496]  dump_stack+0x15/0x17
[  115.398646][ T2496]  should_fail+0x3c6/0x510
[  115.402898][ T2496]  __should_failslab+0xa4/0xe0
[  115.407499][ T2496]  ? copy_signal+0x55/0x610
[  115.411867][ T2496]  should_failslab+0x9/0x20
[  115.416177][ T2496]  slab_pre_alloc_hook+0x37/0xd0
[  115.420950][ T2496]  ? copy_signal+0x55/0x610
[  115.425291][ T2496]  kmem_cache_alloc+0x44/0x200
[  115.429895][ T2496]  copy_signal+0x55/0x610
[  115.434058][ T2496]  copy_process+0x1101/0x3290
[  115.438573][ T2496]  ? proc_fail_nth_write+0x20b/0x290
[  115.443692][ T2496]  ? fsnotify_perm+0x6a/0x5d0
[  115.448206][ T2496]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  115.453152][ T2496]  ? vfs_write+0x9ec/0x1110
[  115.457492][ T2496]  kernel_clone+0x21e/0x9e0
[  115.461829][ T2496]  ? file_end_write+0x1c0/0x1c0
[  115.466517][ T2496]  ? create_io_thread+0x1e0/0x1e0
[  115.471376][ T2496]  ? mutex_unlock+0xb2/0x260
[  115.475803][ T2496]  ? __mutex_lock_slowpath+0x10/0x10
[  115.480932][ T2496]  __x64_sys_clone+0x23f/0x290
[  115.485525][ T2496]  ? __do_sys_vfork+0x130/0x130
[  115.490230][ T2496]  ? ksys_write+0x260/0x2c0
[  115.494555][ T2496]  ? debug_smp_processor_id+0x17/0x20
[  115.499759][ T2496]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  115.505671][ T2496]  ? exit_to_user_mode_prepare+0x39/0xa0
[  115.511136][ T2496]  do_syscall_64+0x3d/0xb0
[  115.515382][ T2496]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  115.521111][ T2496] RIP: 0033:0x7faae203fda9
[  115.525372][ T2496] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  115.544922][ T2496] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  115.553168][ T2496] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  115.560978][ T2496] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  115.568789][ T2496] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  115.576599][ T2496] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
21:57:30 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:30 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24)

21:57:30 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19)

[  115.584419][ T2496] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  115.592230][ T2496]  </TASK>
[  115.624303][ T2500] FAULT_INJECTION: forcing a failure.
[  115.624303][ T2500] name failslab, interval 1, probability 0, space 0, times 0
[  115.637728][ T2500] CPU: 0 PID: 2500 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  115.647807][ T2500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  115.657698][ T2500] Call Trace:
[  115.660818][ T2500]  <TASK>
[  115.663598][ T2500]  dump_stack_lvl+0x151/0x1b7
[  115.668111][ T2500]  ? io_uring_drop_tctx_refs+0x190/0x190
[  115.673574][ T2500]  ? avc_denied+0x1b0/0x1b0
[  115.677918][ T2500]  dump_stack+0x15/0x17
[  115.681925][ T2500]  should_fail+0x3c6/0x510
[  115.686163][ T2500]  __should_failslab+0xa4/0xe0
[  115.690760][ T2500]  ? vm_area_dup+0x26/0x230
[  115.695102][ T2500]  should_failslab+0x9/0x20
[  115.699442][ T2500]  slab_pre_alloc_hook+0x37/0xd0
[  115.704216][ T2500]  ? vm_area_dup+0x26/0x230
[  115.708556][ T2500]  kmem_cache_alloc+0x44/0x200
[  115.713153][ T2500]  vm_area_dup+0x26/0x230
[  115.717321][ T2500]  copy_mm+0x9a1/0x13e0
[  115.721314][ T2500]  ? copy_signal+0x610/0x610
[  115.725739][ T2500]  ? __init_rwsem+0xd6/0x1c0
[  115.730164][ T2500]  ? copy_signal+0x4e3/0x610
[  115.734593][ T2500]  copy_process+0x1149/0x3290
[  115.739107][ T2500]  ? proc_fail_nth_write+0x20b/0x290
[  115.744227][ T2500]  ? fsnotify_perm+0x6a/0x5d0
[  115.748741][ T2500]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  115.753685][ T2500]  ? vfs_write+0x9ec/0x1110
[  115.758026][ T2500]  kernel_clone+0x21e/0x9e0
[  115.762364][ T2500]  ? file_end_write+0x1c0/0x1c0
[  115.767055][ T2500]  ? create_io_thread+0x1e0/0x1e0
[  115.771911][ T2500]  ? mutex_unlock+0xb2/0x260
[  115.776345][ T2500]  ? __mutex_lock_slowpath+0x10/0x10
[  115.781466][ T2500]  __x64_sys_clone+0x23f/0x290
[  115.786062][ T2500]  ? __do_sys_vfork+0x130/0x130
[  115.790747][ T2500]  ? ksys_write+0x260/0x2c0
[  115.795086][ T2500]  ? debug_smp_processor_id+0x17/0x20
[  115.800294][ T2500]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  115.806314][ T2500]  ? exit_to_user_mode_prepare+0x39/0xa0
[  115.811775][ T2500]  do_syscall_64+0x3d/0xb0
[  115.816024][ T2500]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  115.821752][ T2500] RIP: 0033:0x7faae203fda9
[  115.826010][ T2500] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  115.845449][ T2500] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  115.853691][ T2500] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  115.861501][ T2500] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  115.869312][ T2500] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  115.877126][ T2500] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
21:57:30 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0xfffffff5, 0x0, 0x0, 0x0)

21:57:30 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(0xffffffffffffffff)
getpid()
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r1, &(0x7f0000000080), 0x11ffffce1)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  115.884939][ T2500] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  115.892753][ T2500]  </TASK>
[  115.904023][ T2504] FAULT_INJECTION: forcing a failure.
[  115.904023][ T2504] name failslab, interval 1, probability 0, space 0, times 0
[  115.931084][ T2504] CPU: 0 PID: 2504 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  115.941171][ T2504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  115.951059][ T2504] Call Trace:
[  115.954182][ T2504]  <TASK>
[  115.956963][ T2504]  dump_stack_lvl+0x151/0x1b7
[  115.961474][ T2504]  ? io_uring_drop_tctx_refs+0x190/0x190
[  115.966943][ T2504]  ? __kasan_kmalloc+0x9/0x10
[  115.971454][ T2504]  ? alloc_fdtable+0xaf/0x2a0
[  115.975970][ T2504]  ? dup_fd+0x759/0xb00
[  115.979970][ T2504]  ? copy_files+0xe6/0x200
[  115.984222][ T2504]  ? kernel_clone+0x21e/0x9e0
[  115.988731][ T2504]  ? __x64_sys_clone+0x23f/0x290
[  115.993504][ T2504]  ? do_syscall_64+0x3d/0xb0
[  115.997928][ T2504]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  116.003831][ T2504]  dump_stack+0x15/0x17
[  116.007824][ T2504]  should_fail+0x3c6/0x510
[  116.012081][ T2504]  __should_failslab+0xa4/0xe0
[  116.016680][ T2504]  should_failslab+0x9/0x20
[  116.021026][ T2504]  slab_pre_alloc_hook+0x37/0xd0
[  116.025792][ T2504]  __kmalloc+0x6d/0x270
[  116.029780][ T2504]  ? kvmalloc_node+0x1f0/0x4d0
[  116.034384][ T2504]  kvmalloc_node+0x1f0/0x4d0
[  116.038809][ T2504]  ? vm_mmap+0xb0/0xb0
[  116.042779][ T2504]  ? __kasan_kmalloc+0x9/0x10
[  116.047230][ T2504]  ? kmem_cache_alloc_trace+0x115/0x210
[  116.052607][ T2504]  ? alloc_fdtable+0xaf/0x2a0
[  116.057125][ T2504]  alloc_fdtable+0xeb/0x2a0
[  116.061461][ T2504]  dup_fd+0x759/0xb00
[  116.065287][ T2504]  ? avc_has_perm+0x16f/0x260
[  116.069799][ T2504]  copy_files+0xe6/0x200
[  116.073904][ T2504]  ? perf_event_attrs+0x30/0x30
[  116.078562][ T2504]  ? dup_task_struct+0xc60/0xc60
[  116.083328][ T2504]  ? security_task_alloc+0xf9/0x130
[  116.088367][ T2504]  copy_process+0x1080/0x3290
[  116.092883][ T2504]  ? proc_fail_nth_write+0x20b/0x290
[  116.097999][ T2504]  ? fsnotify_perm+0x6a/0x5d0
[  116.102513][ T2504]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  116.107473][ T2504]  ? vfs_write+0x9ec/0x1110
[  116.111799][ T2504]  kernel_clone+0x21e/0x9e0
[  116.116138][ T2504]  ? file_end_write+0x1c0/0x1c0
[  116.120825][ T2504]  ? create_io_thread+0x1e0/0x1e0
[  116.125684][ T2504]  ? mutex_unlock+0xb2/0x260
[  116.130112][ T2504]  ? __mutex_lock_slowpath+0x10/0x10
[  116.135254][ T2504]  __x64_sys_clone+0x23f/0x290
[  116.139833][ T2504]  ? __do_sys_vfork+0x130/0x130
[  116.144519][ T2504]  ? ksys_write+0x260/0x2c0
[  116.148857][ T2504]  ? debug_smp_processor_id+0x17/0x20
[  116.154068][ T2504]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  116.159966][ T2504]  ? exit_to_user_mode_prepare+0x39/0xa0
[  116.165435][ T2504]  do_syscall_64+0x3d/0xb0
[  116.169688][ T2504]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  116.175416][ T2504] RIP: 0033:0x7f7a0de6fda9
21:57:30 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25)

[  116.179681][ T2504] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  116.199111][ T2504] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  116.207358][ T2504] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  116.215166][ T2504] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  116.222977][ T2504] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  116.230798][ T2504] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
21:57:31 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0xfffffffb, 0x0, 0x0, 0x0)

[  116.238613][ T2504] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  116.246417][ T2504]  </TASK>
[  116.257937][ T2512] FAULT_INJECTION: forcing a failure.
[  116.257937][ T2512] name failslab, interval 1, probability 0, space 0, times 0
[  116.271963][ T2512] CPU: 1 PID: 2512 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  116.282042][ T2512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  116.291942][ T2512] Call Trace:
[  116.295071][ T2512]  <TASK>
[  116.297841][ T2512]  dump_stack_lvl+0x151/0x1b7
[  116.302363][ T2512]  ? io_uring_drop_tctx_refs+0x190/0x190
[  116.307822][ T2512]  dump_stack+0x15/0x17
[  116.311810][ T2512]  should_fail+0x3c6/0x510
[  116.316066][ T2512]  __should_failslab+0xa4/0xe0
[  116.320663][ T2512]  ? anon_vma_clone+0x9a/0x500
[  116.325264][ T2512]  should_failslab+0x9/0x20
[  116.329607][ T2512]  slab_pre_alloc_hook+0x37/0xd0
[  116.334375][ T2512]  ? anon_vma_clone+0x9a/0x500
[  116.338979][ T2512]  kmem_cache_alloc+0x44/0x200
[  116.343579][ T2512]  anon_vma_clone+0x9a/0x500
[  116.348004][ T2512]  anon_vma_fork+0x91/0x4e0
[  116.352344][ T2512]  ? anon_vma_name+0x4c/0x70
[  116.356778][ T2512]  ? vm_area_dup+0x17a/0x230
[  116.361197][ T2512]  copy_mm+0xa3a/0x13e0
[  116.365202][ T2512]  ? copy_signal+0x610/0x610
[  116.369622][ T2512]  ? __init_rwsem+0xd6/0x1c0
[  116.374041][ T2512]  ? copy_signal+0x4e3/0x610
[  116.378473][ T2512]  copy_process+0x1149/0x3290
[  116.382983][ T2512]  ? proc_fail_nth_write+0x20b/0x290
[  116.388107][ T2512]  ? fsnotify_perm+0x6a/0x5d0
[  116.392617][ T2512]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  116.397563][ T2512]  ? vfs_write+0x9ec/0x1110
[  116.401903][ T2512]  kernel_clone+0x21e/0x9e0
[  116.406243][ T2512]  ? file_end_write+0x1c0/0x1c0
[  116.410934][ T2512]  ? create_io_thread+0x1e0/0x1e0
[  116.415786][ T2512]  ? mutex_unlock+0xb2/0x260
[  116.420212][ T2512]  ? __mutex_lock_slowpath+0x10/0x10
[  116.425337][ T2512]  __x64_sys_clone+0x23f/0x290
[  116.429936][ T2512]  ? __do_sys_vfork+0x130/0x130
[  116.434623][ T2512]  ? ksys_write+0x260/0x2c0
[  116.438967][ T2512]  ? debug_smp_processor_id+0x17/0x20
[  116.444167][ T2512]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  116.450074][ T2512]  ? exit_to_user_mode_prepare+0x39/0xa0
[  116.455541][ T2512]  do_syscall_64+0x3d/0xb0
[  116.459792][ T2512]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  116.465520][ T2512] RIP: 0033:0x7faae203fda9
[  116.469776][ T2512] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
21:57:31 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:31 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20)

[  116.489217][ T2512] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  116.497456][ T2512] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  116.505265][ T2512] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  116.513077][ T2512] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  116.520891][ T2512] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  116.528704][ T2512] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  116.536518][ T2512]  </TASK>
21:57:31 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x1b0f31f000, 0x0, 0x0, 0x0)

[  116.544558][ T2518] FAULT_INJECTION: forcing a failure.
[  116.544558][ T2518] name failslab, interval 1, probability 0, space 0, times 0
[  116.557476][ T2518] CPU: 1 PID: 2518 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  116.567565][ T2518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  116.577456][ T2518] Call Trace:
[  116.580583][ T2518]  <TASK>
[  116.583354][ T2518]  dump_stack_lvl+0x151/0x1b7
[  116.587870][ T2518]  ? io_uring_drop_tctx_refs+0x190/0x190
[  116.593339][ T2518]  dump_stack+0x15/0x17
[  116.597328][ T2518]  should_fail+0x3c6/0x510
[  116.601590][ T2518]  __should_failslab+0xa4/0xe0
[  116.606176][ T2518]  should_failslab+0x9/0x20
[  116.610517][ T2518]  slab_pre_alloc_hook+0x37/0xd0
[  116.615293][ T2518]  __kmalloc+0x6d/0x270
[  116.619282][ T2518]  ? kvmalloc_node+0x1f0/0x4d0
[  116.623884][ T2518]  kvmalloc_node+0x1f0/0x4d0
[  116.628309][ T2518]  ? vm_mmap+0xb0/0xb0
[  116.632214][ T2518]  ? __kasan_kmalloc+0x9/0x10
[  116.636730][ T2518]  ? kmem_cache_alloc_trace+0x115/0x210
[  116.642119][ T2518]  ? alloc_fdtable+0xaf/0x2a0
[  116.646624][ T2518]  alloc_fdtable+0x163/0x2a0
[  116.651049][ T2518]  dup_fd+0x759/0xb00
[  116.654870][ T2518]  ? avc_has_perm+0x16f/0x260
[  116.659384][ T2518]  copy_files+0xe6/0x200
[  116.663462][ T2518]  ? perf_event_attrs+0x30/0x30
[  116.668148][ T2518]  ? dup_task_struct+0xc60/0xc60
[  116.672922][ T2518]  ? security_task_alloc+0xf9/0x130
[  116.677955][ T2518]  copy_process+0x1080/0x3290
[  116.682481][ T2518]  ? proc_fail_nth_write+0x20b/0x290
[  116.687591][ T2518]  ? fsnotify_perm+0x6a/0x5d0
[  116.692102][ T2518]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  116.697050][ T2518]  ? vfs_write+0x9ec/0x1110
[  116.701392][ T2518]  kernel_clone+0x21e/0x9e0
[  116.705728][ T2518]  ? file_end_write+0x1c0/0x1c0
[  116.710418][ T2518]  ? create_io_thread+0x1e0/0x1e0
[  116.715276][ T2518]  ? mutex_unlock+0xb2/0x260
[  116.719704][ T2518]  ? __mutex_lock_slowpath+0x10/0x10
[  116.724823][ T2518]  __x64_sys_clone+0x23f/0x290
[  116.729430][ T2518]  ? __do_sys_vfork+0x130/0x130
[  116.734109][ T2518]  ? ksys_write+0x260/0x2c0
[  116.738466][ T2518]  ? debug_smp_processor_id+0x17/0x20
[  116.743667][ T2518]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  116.749568][ T2518]  ? exit_to_user_mode_prepare+0x39/0xa0
[  116.755060][ T2518]  do_syscall_64+0x3d/0xb0
[  116.759281][ T2518]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  116.765006][ T2518] RIP: 0033:0x7f7a0de6fda9
[  116.769263][ T2518] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  116.788813][ T2518] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  116.797051][ T2518] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  116.804864][ T2518] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  116.812676][ T2518] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  116.820491][ T2518] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  116.828297][ T2518] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  116.836111][ T2518]  </TASK>
21:57:31 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21)

21:57:31 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26)

21:57:31 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x2a668e576000, 0x0, 0x0, 0x0)

[  116.839913][   T30] audit: type=1400 audit(1709330251.661:128): avc:  denied  { unlink } for  pid=82 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
21:57:31 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  116.888916][ T2523] FAULT_INJECTION: forcing a failure.
[  116.888916][ T2523] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  116.922526][ T2523] CPU: 0 PID: 2523 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  116.928294][ T2527] FAULT_INJECTION: forcing a failure.
21:57:31 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(0xffffffffffffffff)
getpid()
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r1, &(0x7f0000000080), 0x11ffffce1)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  116.928294][ T2527] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  116.932610][ T2523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  116.932629][ T2523] Call Trace:
[  116.932637][ T2523]  <TASK>
[  116.961430][ T2523]  dump_stack_lvl+0x151/0x1b7
[  116.965939][ T2523]  ? io_uring_drop_tctx_refs+0x190/0x190
[  116.971409][ T2523]  dump_stack+0x15/0x17
[  116.975407][ T2523]  should_fail+0x3c6/0x510
[  116.979668][ T2523]  should_fail_alloc_page+0x5a/0x80
[  116.984686][ T2523]  prepare_alloc_pages+0x15c/0x700
[  116.989640][ T2523]  ? __alloc_pages_bulk+0xe40/0xe40
[  116.994681][ T2523]  __alloc_pages+0x18c/0x8f0
[  116.999096][ T2523]  ? prep_new_page+0x110/0x110
[  117.003699][ T2523]  ? __alloc_pages+0x27e/0x8f0
[  117.008299][ T2523]  ? __kasan_check_write+0x14/0x20
[  117.013237][ T2523]  ? _raw_spin_lock+0xa4/0x1b0
[  117.017849][ T2523]  pte_alloc_one+0x73/0x1b0
[  117.022180][ T2523]  ? pfn_modify_allowed+0x2f0/0x2f0
[  117.027213][ T2523]  ? __pmd_alloc+0x48d/0x550
[  117.031648][ T2523]  __pte_alloc+0x86/0x350
[  117.035804][ T2523]  ? __pud_alloc+0x260/0x260
[  117.040251][ T2523]  ? __pud_alloc+0x213/0x260
[  117.044657][ T2523]  ? free_pgtables+0x280/0x280
[  117.049257][ T2523]  ? do_handle_mm_fault+0x2330/0x2330
[  117.054469][ T2523]  ? __stack_depot_save+0x34/0x470
[  117.059414][ T2523]  ? anon_vma_clone+0x9a/0x500
[  117.064017][ T2523]  copy_page_range+0x28a8/0x2f90
[  117.068788][ T2523]  ? __kasan_slab_alloc+0xb1/0xe0
[  117.073646][ T2523]  ? slab_post_alloc_hook+0x53/0x2c0
[  117.078773][ T2523]  ? kernel_clone+0x21e/0x9e0
[  117.083289][ T2523]  ? do_syscall_64+0x3d/0xb0
[  117.087706][ T2523]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  117.093617][ T2523]  ? pfn_valid+0x1e0/0x1e0
[  117.097949][ T2523]  ? rwsem_write_trylock+0x15b/0x290
[  117.103072][ T2523]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  117.109332][ T2523]  copy_mm+0xc7e/0x13e0
[  117.113319][ T2523]  ? copy_signal+0x610/0x610
[  117.117736][ T2523]  ? __init_rwsem+0xd6/0x1c0
[  117.122165][ T2523]  ? copy_signal+0x4e3/0x610
[  117.126594][ T2523]  copy_process+0x1149/0x3290
[  117.131107][ T2523]  ? proc_fail_nth_write+0x20b/0x290
[  117.136234][ T2523]  ? fsnotify_perm+0x6a/0x5d0
[  117.140738][ T2523]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  117.145694][ T2523]  ? vfs_write+0x9ec/0x1110
[  117.150028][ T2523]  kernel_clone+0x21e/0x9e0
[  117.154368][ T2523]  ? file_end_write+0x1c0/0x1c0
[  117.159050][ T2523]  ? create_io_thread+0x1e0/0x1e0
[  117.163908][ T2523]  ? mutex_unlock+0xb2/0x260
[  117.168337][ T2523]  ? __mutex_lock_slowpath+0x10/0x10
[  117.173459][ T2523]  __x64_sys_clone+0x23f/0x290
[  117.178061][ T2523]  ? __do_sys_vfork+0x130/0x130
[  117.182748][ T2523]  ? ksys_write+0x260/0x2c0
[  117.187090][ T2523]  ? debug_smp_processor_id+0x17/0x20
[  117.192296][ T2523]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  117.198198][ T2523]  ? exit_to_user_mode_prepare+0x39/0xa0
[  117.203688][ T2523]  do_syscall_64+0x3d/0xb0
[  117.207919][ T2523]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  117.213643][ T2523] RIP: 0033:0x7f7a0de6fda9
[  117.217898][ T2523] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  117.237343][ T2523] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  117.245605][ T2523] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  117.253395][ T2523] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  117.261226][ T2523] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  117.269015][ T2523] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  117.276828][ T2523] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  117.284643][ T2523]  </TASK>
[  117.289794][ T2527] CPU: 1 PID: 2527 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  117.299877][ T2527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  117.309784][ T2527] Call Trace:
[  117.312911][ T2527]  <TASK>
[  117.315680][ T2527]  dump_stack_lvl+0x151/0x1b7
[  117.320188][ T2527]  ? io_uring_drop_tctx_refs+0x190/0x190
[  117.325652][ T2527]  ? stack_trace_save+0x113/0x1c0
[  117.330512][ T2527]  ? stack_trace_snprint+0xf0/0xf0
[  117.335461][ T2527]  ? stack_trace_snprint+0xf0/0xf0
[  117.340414][ T2527]  dump_stack+0x15/0x17
[  117.344398][ T2527]  should_fail+0x3c6/0x510
[  117.348654][ T2527]  should_fail_alloc_page+0x5a/0x80
[  117.353685][ T2527]  prepare_alloc_pages+0x15c/0x700
[  117.358637][ T2527]  ? __alloc_pages_bulk+0xe40/0xe40
[  117.363670][ T2527]  ? __kasan_check_write+0x14/0x20
[  117.368616][ T2527]  ? pcpu_memcg_post_alloc_hook+0x1b1/0x260
[  117.374349][ T2527]  __alloc_pages+0x18c/0x8f0
[  117.378771][ T2527]  ? prep_new_page+0x110/0x110
[  117.383373][ T2527]  ? pcpu_alloc+0xda0/0x13e0
[  117.387802][ T2527]  __get_free_pages+0x10/0x30
[  117.392306][ T2527]  pgd_alloc+0x21/0x2c0
[  117.396301][ T2527]  mm_init+0x5c7/0x970
[  117.400205][ T2527]  copy_mm+0x1e3/0x13e0
[  117.404198][ T2527]  ? _raw_spin_lock+0xa4/0x1b0
[  117.408799][ T2527]  ? copy_signal+0x610/0x610
[  117.413231][ T2527]  ? __kasan_check_write+0x14/0x20
[  117.418171][ T2527]  ? __init_rwsem+0xd6/0x1c0
[  117.422596][ T2527]  ? copy_signal+0x4e3/0x610
[  117.427027][ T2527]  copy_process+0x1149/0x3290
[  117.431539][ T2527]  ? proc_fail_nth_write+0x20b/0x290
[  117.436659][ T2527]  ? fsnotify_perm+0x6a/0x5d0
[  117.441178][ T2527]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  117.446121][ T2527]  ? vfs_write+0x9ec/0x1110
[  117.450462][ T2527]  kernel_clone+0x21e/0x9e0
[  117.454798][ T2527]  ? file_end_write+0x1c0/0x1c0
[  117.459487][ T2527]  ? create_io_thread+0x1e0/0x1e0
[  117.464350][ T2527]  ? mutex_unlock+0xb2/0x260
[  117.468778][ T2527]  ? __mutex_lock_slowpath+0x10/0x10
[  117.473898][ T2527]  __x64_sys_clone+0x23f/0x290
[  117.478494][ T2527]  ? __do_sys_vfork+0x130/0x130
[  117.483177][ T2527]  ? ksys_write+0x260/0x2c0
[  117.487521][ T2527]  ? debug_smp_processor_id+0x17/0x20
[  117.492724][ T2527]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  117.498626][ T2527]  ? exit_to_user_mode_prepare+0x39/0xa0
[  117.504099][ T2527]  do_syscall_64+0x3d/0xb0
[  117.508351][ T2527]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  117.514081][ T2527] RIP: 0033:0x7faae203fda9
[  117.518331][ T2527] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
21:57:32 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x553a257ab000, 0x0, 0x0, 0x0)

21:57:32 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22)

[  117.537770][ T2527] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  117.546014][ T2527] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  117.553828][ T2527] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  117.561725][ T2527] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  117.569536][ T2527] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  117.577350][ T2527] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  117.585161][ T2527]  </TASK>
21:57:32 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x2001000000000, 0x0, 0x0, 0x0)

21:57:32 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27)

21:57:32 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x8000000000000, 0x0, 0x0, 0x0)

[  117.649312][ T2539] FAULT_INJECTION: forcing a failure.
[  117.649312][ T2539] name failslab, interval 1, probability 0, space 0, times 0
[  117.676755][ T2539] CPU: 0 PID: 2539 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  117.683422][ T2543] FAULT_INJECTION: forcing a failure.
[  117.683422][ T2543] name failslab, interval 1, probability 0, space 0, times 0
[  117.686833][ T2539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  117.686850][ T2539] Call Trace:
[  117.686857][ T2539]  <TASK>
[  117.686864][ T2539]  dump_stack_lvl+0x151/0x1b7
[  117.686891][ T2539]  ? io_uring_drop_tctx_refs+0x190/0x190
[  117.725030][ T2539]  dump_stack+0x15/0x17
[  117.729017][ T2539]  should_fail+0x3c6/0x510
[  117.733272][ T2539]  __should_failslab+0xa4/0xe0
[  117.737874][ T2539]  ? vm_area_dup+0x26/0x230
[  117.742207][ T2539]  should_failslab+0x9/0x20
[  117.746546][ T2539]  slab_pre_alloc_hook+0x37/0xd0
[  117.751326][ T2539]  ? vm_area_dup+0x26/0x230
[  117.755661][ T2539]  kmem_cache_alloc+0x44/0x200
[  117.760261][ T2539]  vm_area_dup+0x26/0x230
[  117.764427][ T2539]  copy_mm+0x9a1/0x13e0
[  117.768442][ T2539]  ? copy_signal+0x610/0x610
[  117.772853][ T2539]  ? __init_rwsem+0xd6/0x1c0
[  117.777278][ T2539]  ? copy_signal+0x4e3/0x610
[  117.781701][ T2539]  copy_process+0x1149/0x3290
[  117.786214][ T2539]  ? proc_fail_nth_write+0x20b/0x290
[  117.791340][ T2539]  ? fsnotify_perm+0x6a/0x5d0
[  117.795846][ T2539]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  117.800798][ T2539]  ? vfs_write+0x9ec/0x1110
[  117.805136][ T2539]  kernel_clone+0x21e/0x9e0
[  117.809475][ T2539]  ? file_end_write+0x1c0/0x1c0
[  117.814162][ T2539]  ? create_io_thread+0x1e0/0x1e0
[  117.819019][ T2539]  ? mutex_unlock+0xb2/0x260
[  117.823451][ T2539]  ? __mutex_lock_slowpath+0x10/0x10
[  117.828568][ T2539]  __x64_sys_clone+0x23f/0x290
[  117.833257][ T2539]  ? __do_sys_vfork+0x130/0x130
[  117.837941][ T2539]  ? ksys_write+0x260/0x2c0
[  117.842285][ T2539]  ? debug_smp_processor_id+0x17/0x20
[  117.847490][ T2539]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  117.853392][ T2539]  ? exit_to_user_mode_prepare+0x39/0xa0
[  117.858861][ T2539]  do_syscall_64+0x3d/0xb0
[  117.863111][ T2539]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  117.868839][ T2539] RIP: 0033:0x7f7a0de6fda9
[  117.873096][ T2539] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
21:57:32 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  117.892539][ T2539] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  117.900785][ T2539] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  117.908593][ T2539] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  117.916401][ T2539] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  117.924211][ T2539] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  117.932021][ T2539] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  117.939840][ T2539]  </TASK>
[  117.942700][ T2543] CPU: 1 PID: 2543 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  117.952770][ T2543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  117.962665][ T2543] Call Trace:
[  117.965787][ T2543]  <TASK>
[  117.968577][ T2543]  dump_stack_lvl+0x151/0x1b7
[  117.973075][ T2543]  ? io_uring_drop_tctx_refs+0x190/0x190
[  117.978542][ T2543]  ? __alloc_pages+0x27e/0x8f0
[  117.983142][ T2543]  dump_stack+0x15/0x17
[  117.987135][ T2543]  should_fail+0x3c6/0x510
[  117.991391][ T2543]  __should_failslab+0xa4/0xe0
[  117.995987][ T2543]  ? vm_area_dup+0x26/0x230
[  118.000328][ T2543]  should_failslab+0x9/0x20
[  118.004665][ T2543]  slab_pre_alloc_hook+0x37/0xd0
[  118.009443][ T2543]  ? vm_area_dup+0x26/0x230
[  118.013780][ T2543]  kmem_cache_alloc+0x44/0x200
[  118.018383][ T2543]  vm_area_dup+0x26/0x230
[  118.022553][ T2543]  copy_mm+0x9a1/0x13e0
[  118.026550][ T2543]  ? copy_signal+0x610/0x610
[  118.030967][ T2543]  ? __init_rwsem+0xd6/0x1c0
[  118.035396][ T2543]  ? copy_signal+0x4e3/0x610
[  118.039819][ T2543]  copy_process+0x1149/0x3290
[  118.044336][ T2543]  ? proc_fail_nth_write+0x20b/0x290
[  118.049455][ T2543]  ? fsnotify_perm+0x6a/0x5d0
[  118.053973][ T2543]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  118.058912][ T2543]  ? vfs_write+0x9ec/0x1110
[  118.063252][ T2543]  kernel_clone+0x21e/0x9e0
[  118.067593][ T2543]  ? file_end_write+0x1c0/0x1c0
[  118.072282][ T2543]  ? create_io_thread+0x1e0/0x1e0
[  118.077140][ T2543]  ? mutex_unlock+0xb2/0x260
[  118.081565][ T2543]  ? __mutex_lock_slowpath+0x10/0x10
[  118.086692][ T2543]  __x64_sys_clone+0x23f/0x290
[  118.091288][ T2543]  ? __do_sys_vfork+0x130/0x130
[  118.095975][ T2543]  ? ksys_write+0x260/0x2c0
[  118.100316][ T2543]  ? debug_smp_processor_id+0x17/0x20
[  118.105520][ T2543]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  118.111424][ T2543]  ? exit_to_user_mode_prepare+0x39/0xa0
[  118.116900][ T2543]  do_syscall_64+0x3d/0xb0
[  118.121142][ T2543]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  118.126874][ T2543] RIP: 0033:0x7faae203fda9
[  118.131125][ T2543] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
21:57:33 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23)

21:57:33 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x60578e662a0000, 0x0, 0x0, 0x0)

21:57:33 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28)

[  118.150566][ T2543] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  118.158811][ T2543] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  118.166620][ T2543] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  118.174432][ T2543] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  118.182245][ T2543] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  118.190056][ T2543] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  118.197878][ T2543]  </TASK>
[  118.249028][ T2553] FAULT_INJECTION: forcing a failure.
[  118.249028][ T2553] name failslab, interval 1, probability 0, space 0, times 0
[  118.261228][ T2555] FAULT_INJECTION: forcing a failure.
[  118.261228][ T2555] name failslab, interval 1, probability 0, space 0, times 0
[  118.261599][ T2553] CPU: 0 PID: 2553 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  118.283935][ T2553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  118.293834][ T2553] Call Trace:
[  118.296957][ T2553]  <TASK>
[  118.299731][ T2553]  dump_stack_lvl+0x151/0x1b7
[  118.304249][ T2553]  ? io_uring_drop_tctx_refs+0x190/0x190
[  118.309710][ T2553]  dump_stack+0x15/0x17
[  118.313718][ T2553]  should_fail+0x3c6/0x510
[  118.317958][ T2553]  __should_failslab+0xa4/0xe0
[  118.322568][ T2553]  ? vm_area_dup+0x26/0x230
[  118.326902][ T2553]  should_failslab+0x9/0x20
[  118.331231][ T2553]  slab_pre_alloc_hook+0x37/0xd0
[  118.336007][ T2553]  ? vm_area_dup+0x26/0x230
[  118.340346][ T2553]  kmem_cache_alloc+0x44/0x200
[  118.344968][ T2553]  vm_area_dup+0x26/0x230
[  118.349124][ T2553]  copy_mm+0x9a1/0x13e0
[  118.353122][ T2553]  ? copy_signal+0x610/0x610
[  118.357535][ T2553]  ? __init_rwsem+0xd6/0x1c0
[  118.361961][ T2553]  ? copy_signal+0x4e3/0x610
[  118.366385][ T2553]  copy_process+0x1149/0x3290
[  118.370900][ T2553]  ? proc_fail_nth_write+0x20b/0x290
[  118.376019][ T2553]  ? fsnotify_perm+0x6a/0x5d0
[  118.380532][ T2553]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  118.385481][ T2553]  ? vfs_write+0x9ec/0x1110
[  118.389825][ T2553]  kernel_clone+0x21e/0x9e0
[  118.394161][ T2553]  ? file_end_write+0x1c0/0x1c0
[  118.398844][ T2553]  ? create_io_thread+0x1e0/0x1e0
[  118.403707][ T2553]  ? mutex_unlock+0xb2/0x260
[  118.408133][ T2553]  ? __mutex_lock_slowpath+0x10/0x10
[  118.413269][ T2553]  __x64_sys_clone+0x23f/0x290
[  118.417855][ T2553]  ? __do_sys_vfork+0x130/0x130
[  118.422543][ T2553]  ? ksys_write+0x260/0x2c0
[  118.426881][ T2553]  ? debug_smp_processor_id+0x17/0x20
[  118.432087][ T2553]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  118.438004][ T2553]  ? exit_to_user_mode_prepare+0x39/0xa0
[  118.443466][ T2553]  do_syscall_64+0x3d/0xb0
[  118.447709][ T2553]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  118.453450][ T2553] RIP: 0033:0x7f7a0de6fda9
[  118.457692][ T2553] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  118.477136][ T2553] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  118.485380][ T2553] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
21:57:33 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x70000000000000, 0x0, 0x0, 0x0)

[  118.493190][ T2553] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  118.501000][ T2553] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  118.508813][ T2553] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  118.516624][ T2553] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  118.524440][ T2553]  </TASK>
[  118.527303][ T2555] CPU: 1 PID: 2555 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  118.537373][ T2555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  118.547262][ T2555] Call Trace:
[  118.550385][ T2555]  <TASK>
[  118.553162][ T2555]  dump_stack_lvl+0x151/0x1b7
[  118.557675][ T2555]  ? io_uring_drop_tctx_refs+0x190/0x190
[  118.563155][ T2555]  dump_stack+0x15/0x17
[  118.567138][ T2555]  should_fail+0x3c6/0x510
[  118.571390][ T2555]  __should_failslab+0xa4/0xe0
[  118.575996][ T2555]  ? anon_vma_fork+0xf7/0x4e0
[  118.580500][ T2555]  should_failslab+0x9/0x20
[  118.584841][ T2555]  slab_pre_alloc_hook+0x37/0xd0
[  118.589614][ T2555]  ? anon_vma_fork+0xf7/0x4e0
[  118.594127][ T2555]  kmem_cache_alloc+0x44/0x200
[  118.598729][ T2555]  anon_vma_fork+0xf7/0x4e0
[  118.603091][ T2555]  ? anon_vma_name+0x4c/0x70
[  118.607493][ T2555]  ? vm_area_dup+0x17a/0x230
[  118.611922][ T2555]  copy_mm+0xa3a/0x13e0
[  118.615915][ T2555]  ? copy_signal+0x610/0x610
[  118.620339][ T2555]  ? __init_rwsem+0xd6/0x1c0
[  118.624773][ T2555]  ? copy_signal+0x4e3/0x610
[  118.629200][ T2555]  copy_process+0x1149/0x3290
[  118.633716][ T2555]  ? proc_fail_nth_write+0x20b/0x290
[  118.638833][ T2555]  ? fsnotify_perm+0x6a/0x5d0
[  118.643609][ T2555]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  118.648551][ T2555]  ? vfs_write+0x9ec/0x1110
[  118.652885][ T2555]  kernel_clone+0x21e/0x9e0
[  118.657226][ T2555]  ? file_end_write+0x1c0/0x1c0
[  118.661918][ T2555]  ? create_io_thread+0x1e0/0x1e0
[  118.666782][ T2555]  ? mutex_unlock+0xb2/0x260
[  118.671199][ T2555]  ? __mutex_lock_slowpath+0x10/0x10
[  118.676325][ T2555]  __x64_sys_clone+0x23f/0x290
[  118.680918][ T2555]  ? __do_sys_vfork+0x130/0x130
[  118.685603][ T2555]  ? ksys_write+0x260/0x2c0
[  118.689946][ T2555]  ? debug_smp_processor_id+0x17/0x20
[  118.695294][ T2555]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  118.701206][ T2555]  ? exit_to_user_mode_prepare+0x39/0xa0
[  118.706675][ T2555]  do_syscall_64+0x3d/0xb0
[  118.710938][ T2555]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  118.716768][ T2555] RIP: 0033:0x7faae203fda9
[  118.721142][ T2555] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  118.740583][ T2555] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
21:57:33 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(0xffffffffffffffff)
getpid()
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r1, &(0x7f0000000080), 0x11ffffce1)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:33 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:33 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24)

[  118.748822][ T2555] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  118.756638][ T2555] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  118.764573][ T2555] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  118.772370][ T2555] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  118.780186][ T2555] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  118.787998][ T2555]  </TASK>
21:57:33 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29)

21:57:33 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0xb07a253a550000, 0x0, 0x0, 0x0)

[  118.839445][ T2559] FAULT_INJECTION: forcing a failure.
[  118.839445][ T2559] name failslab, interval 1, probability 0, space 0, times 0
[  118.866721][ T2559] CPU: 0 PID: 2559 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  118.877316][ T2559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  118.887216][ T2559] Call Trace:
[  118.890338][ T2559]  <TASK>
[  118.893224][ T2559]  dump_stack_lvl+0x151/0x1b7
[  118.897908][ T2559]  ? io_uring_drop_tctx_refs+0x190/0x190
[  118.903361][ T2559]  ? slab_post_alloc_hook+0x53/0x2c0
[  118.908476][ T2559]  ? kernel_clone+0x21e/0x9e0
[  118.912987][ T2559]  ? do_syscall_64+0x3d/0xb0
[  118.917535][ T2559]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  118.923555][ T2559]  dump_stack+0x15/0x17
[  118.927740][ T2559]  should_fail+0x3c6/0x510
[  118.928918][ T2564] FAULT_INJECTION: forcing a failure.
[  118.928918][ T2564] name failslab, interval 1, probability 0, space 0, times 0
[  118.932095][ T2559]  __should_failslab+0xa4/0xe0
[  118.932128][ T2559]  ? copy_mm+0x192/0x13e0
[  118.953269][ T2559]  should_failslab+0x9/0x20
[  118.957606][ T2559]  slab_pre_alloc_hook+0x37/0xd0
[  118.962381][ T2559]  ? copy_mm+0x192/0x13e0
[  118.966544][ T2559]  kmem_cache_alloc+0x44/0x200
[  118.971146][ T2559]  copy_mm+0x192/0x13e0
[  118.975139][ T2559]  ? _raw_spin_lock+0xa4/0x1b0
[  118.979737][ T2559]  ? copy_signal+0x610/0x610
[  118.984162][ T2559]  ? __kasan_check_write+0x14/0x20
[  118.989117][ T2559]  ? __init_rwsem+0xd6/0x1c0
[  118.993540][ T2559]  ? copy_signal+0x4e3/0x610
[  118.997997][ T2559]  copy_process+0x1149/0x3290
[  119.002485][ T2559]  ? proc_fail_nth_write+0x20b/0x290
[  119.007602][ T2559]  ? fsnotify_perm+0x6a/0x5d0
[  119.012137][ T2559]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  119.017058][ T2559]  ? vfs_write+0x9ec/0x1110
[  119.021399][ T2559]  kernel_clone+0x21e/0x9e0
[  119.025737][ T2559]  ? file_end_write+0x1c0/0x1c0
[  119.030429][ T2559]  ? create_io_thread+0x1e0/0x1e0
[  119.035288][ T2559]  ? mutex_unlock+0xb2/0x260
[  119.039714][ T2559]  ? __mutex_lock_slowpath+0x10/0x10
[  119.044835][ T2559]  __x64_sys_clone+0x23f/0x290
[  119.049434][ T2559]  ? __do_sys_vfork+0x130/0x130
[  119.054116][ T2559]  ? ksys_write+0x260/0x2c0
[  119.058462][ T2559]  ? debug_smp_processor_id+0x17/0x20
[  119.063672][ T2559]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  119.069566][ T2559]  ? exit_to_user_mode_prepare+0x39/0xa0
[  119.075036][ T2559]  do_syscall_64+0x3d/0xb0
[  119.079293][ T2559]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  119.085018][ T2559] RIP: 0033:0x7f7a0de6fda9
[  119.089272][ T2559] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  119.108712][ T2559] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  119.116956][ T2559] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  119.124768][ T2559] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  119.132578][ T2559] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  119.140388][ T2559] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  119.148203][ T2559] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  119.156021][ T2559]  </TASK>
[  119.179158][ T2564] CPU: 1 PID: 2564 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  119.189247][ T2564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  119.199137][ T2564] Call Trace:
[  119.202260][ T2564]  <TASK>
[  119.205035][ T2564]  dump_stack_lvl+0x151/0x1b7
[  119.209549][ T2564]  ? io_uring_drop_tctx_refs+0x190/0x190
[  119.215105][ T2564]  dump_stack+0x15/0x17
[  119.219095][ T2564]  should_fail+0x3c6/0x510
[  119.223347][ T2564]  __should_failslab+0xa4/0xe0
[  119.227948][ T2564]  ? anon_vma_clone+0x9a/0x500
[  119.232545][ T2564]  should_failslab+0x9/0x20
[  119.236888][ T2564]  slab_pre_alloc_hook+0x37/0xd0
[  119.241659][ T2564]  ? anon_vma_clone+0x9a/0x500
[  119.246262][ T2564]  kmem_cache_alloc+0x44/0x200
[  119.250862][ T2564]  anon_vma_clone+0x9a/0x500
[  119.255289][ T2564]  anon_vma_fork+0x91/0x4e0
[  119.259628][ T2564]  ? anon_vma_name+0x4c/0x70
[  119.264054][ T2564]  ? vm_area_dup+0x17a/0x230
[  119.268481][ T2564]  copy_mm+0xa3a/0x13e0
[  119.272476][ T2564]  ? copy_signal+0x610/0x610
[  119.276897][ T2564]  ? __init_rwsem+0xd6/0x1c0
[  119.281323][ T2564]  ? copy_signal+0x4e3/0x610
[  119.285752][ T2564]  copy_process+0x1149/0x3290
[  119.290266][ T2564]  ? proc_fail_nth_write+0x20b/0x290
[  119.295387][ T2564]  ? fsnotify_perm+0x6a/0x5d0
[  119.299898][ T2564]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  119.304854][ T2564]  ? vfs_write+0x9ec/0x1110
[  119.309185][ T2564]  kernel_clone+0x21e/0x9e0
[  119.313525][ T2564]  ? file_end_write+0x1c0/0x1c0
[  119.318214][ T2564]  ? create_io_thread+0x1e0/0x1e0
[  119.323071][ T2564]  ? mutex_unlock+0xb2/0x260
[  119.327500][ T2564]  ? __mutex_lock_slowpath+0x10/0x10
[  119.332620][ T2564]  __x64_sys_clone+0x23f/0x290
[  119.337220][ T2564]  ? __do_sys_vfork+0x130/0x130
[  119.341904][ T2564]  ? ksys_write+0x260/0x2c0
[  119.346246][ T2564]  ? debug_smp_processor_id+0x17/0x20
[  119.351450][ T2564]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  119.357357][ T2564]  ? exit_to_user_mode_prepare+0x39/0xa0
[  119.362822][ T2564]  do_syscall_64+0x3d/0xb0
[  119.367078][ T2564]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  119.372802][ T2564] RIP: 0033:0x7faae203fda9
21:57:34 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25)

[  119.377059][ T2564] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  119.396498][ T2564] RSP: 002b:00007faae0da0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  119.404743][ T2564] RAX: ffffffffffffffda RBX: 00007faae216e050 RCX: 00007faae203fda9
[  119.412553][ T2564] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  119.420366][ T2564] RBP: 00007faae0da0120 R08: 0000000000000000 R09: 0000000000000000
[  119.428179][ T2564] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
21:57:34 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0xf0310f1b000000, 0x0, 0x0, 0x0)

21:57:34 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  119.435988][ T2564] R13: 000000000000006e R14: 00007faae216e050 R15: 00007ffcc786d3b8
[  119.443805][ T2564]  </TASK>
[  119.454005][ T2570] FAULT_INJECTION: forcing a failure.
[  119.454005][ T2570] name failslab, interval 1, probability 0, space 0, times 0
[  119.496040][ T2570] CPU: 0 PID: 2570 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  119.506124][ T2570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  119.516018][ T2570] Call Trace:
[  119.519143][ T2570]  <TASK>
[  119.521917][ T2570]  dump_stack_lvl+0x151/0x1b7
[  119.526433][ T2570]  ? io_uring_drop_tctx_refs+0x190/0x190
[  119.531904][ T2570]  dump_stack+0x15/0x17
[  119.535885][ T2570]  should_fail+0x3c6/0x510
[  119.540142][ T2570]  __should_failslab+0xa4/0xe0
[  119.544740][ T2570]  ? anon_vma_clone+0x9a/0x500
[  119.549339][ T2570]  should_failslab+0x9/0x20
[  119.553683][ T2570]  slab_pre_alloc_hook+0x37/0xd0
[  119.558455][ T2570]  ? anon_vma_clone+0x9a/0x500
[  119.563054][ T2570]  kmem_cache_alloc+0x44/0x200
[  119.567655][ T2570]  anon_vma_clone+0x9a/0x500
[  119.572086][ T2570]  anon_vma_fork+0x91/0x4e0
[  119.576419][ T2570]  ? anon_vma_name+0x4c/0x70
[  119.580849][ T2570]  ? vm_area_dup+0x17a/0x230
[  119.585275][ T2570]  copy_mm+0xa3a/0x13e0
[  119.589270][ T2570]  ? copy_signal+0x610/0x610
[  119.593689][ T2570]  ? __init_rwsem+0xd6/0x1c0
[  119.598122][ T2570]  ? copy_signal+0x4e3/0x610
[  119.602545][ T2570]  copy_process+0x1149/0x3290
[  119.607062][ T2570]  ? proc_fail_nth_write+0x20b/0x290
[  119.612181][ T2570]  ? fsnotify_perm+0x6a/0x5d0
[  119.616692][ T2570]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  119.621641][ T2570]  ? vfs_write+0x9ec/0x1110
[  119.625982][ T2570]  kernel_clone+0x21e/0x9e0
[  119.630321][ T2570]  ? file_end_write+0x1c0/0x1c0
[  119.635004][ T2570]  ? create_io_thread+0x1e0/0x1e0
[  119.639868][ T2570]  ? mutex_unlock+0xb2/0x260
[  119.644291][ T2570]  ? __mutex_lock_slowpath+0x10/0x10
[  119.649523][ T2570]  __x64_sys_clone+0x23f/0x290
[  119.654120][ T2570]  ? __do_sys_vfork+0x130/0x130
[  119.658805][ T2570]  ? ksys_write+0x260/0x2c0
[  119.663147][ T2570]  ? debug_smp_processor_id+0x17/0x20
[  119.668354][ T2570]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  119.674261][ T2570]  ? exit_to_user_mode_prepare+0x39/0xa0
[  119.679726][ T2570]  do_syscall_64+0x3d/0xb0
[  119.683980][ T2570]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  119.689709][ T2570] RIP: 0033:0x7f7a0de6fda9
[  119.693958][ T2570] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  119.713405][ T2570] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  119.721640][ T2570] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  119.729454][ T2570] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  119.737266][ T2570] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
21:57:34 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0xf0ff1f00000000, 0x0, 0x0, 0x0)

21:57:34 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30)

[  119.745076][ T2570] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  119.752884][ T2570] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  119.760701][ T2570]  </TASK>
21:57:34 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x100000000000000, 0x0, 0x0, 0x0)

[  119.790293][ T2580] FAULT_INJECTION: forcing a failure.
[  119.790293][ T2580] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  119.810802][ T2580] CPU: 1 PID: 2580 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  119.820884][ T2580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  119.830782][ T2580] Call Trace:
[  119.834035][ T2580]  <TASK>
[  119.836768][ T2580]  dump_stack_lvl+0x151/0x1b7
[  119.841273][ T2580]  ? io_uring_drop_tctx_refs+0x190/0x190
[  119.846756][ T2580]  dump_stack+0x15/0x17
[  119.850734][ T2580]  should_fail+0x3c6/0x510
[  119.854989][ T2580]  should_fail_alloc_page+0x5a/0x80
[  119.860019][ T2580]  prepare_alloc_pages+0x15c/0x700
[  119.864967][ T2580]  ? __alloc_pages_bulk+0xe40/0xe40
[  119.870002][ T2580]  __alloc_pages+0x18c/0x8f0
[  119.874428][ T2580]  ? prep_new_page+0x110/0x110
[  119.879031][ T2580]  get_zeroed_page+0x1b/0x40
[  119.883454][ T2580]  __pud_alloc+0x8b/0x260
[  119.887622][ T2580]  ? stack_trace_snprint+0xf0/0xf0
[  119.892566][ T2580]  ? do_handle_mm_fault+0x2330/0x2330
[  119.897780][ T2580]  ? __stack_depot_save+0x34/0x470
[  119.902721][ T2580]  ? anon_vma_clone+0x9a/0x500
[  119.907328][ T2580]  copy_page_range+0x2bcf/0x2f90
[  119.912182][ T2580]  ? __kasan_slab_alloc+0xb1/0xe0
[  119.917043][ T2580]  ? slab_post_alloc_hook+0x53/0x2c0
[  119.922169][ T2580]  ? copy_mm+0xa3a/0x13e0
[  119.926328][ T2580]  ? copy_process+0x1149/0x3290
[  119.931015][ T2580]  ? kernel_clone+0x21e/0x9e0
[  119.935528][ T2580]  ? __x64_sys_clone+0x23f/0x290
[  119.940303][ T2580]  ? do_syscall_64+0x3d/0xb0
[  119.944729][ T2580]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  119.950640][ T2580]  ? pfn_valid+0x1e0/0x1e0
[  119.954885][ T2580]  ? rwsem_write_trylock+0x15b/0x290
[  119.960005][ T2580]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  119.966255][ T2580]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  119.971810][ T2580]  ? __rb_insert_augmented+0x5de/0x610
[  119.977108][ T2580]  copy_mm+0xc7e/0x13e0
[  119.981099][ T2580]  ? copy_signal+0x610/0x610
[  119.985521][ T2580]  ? __init_rwsem+0xd6/0x1c0
[  119.989949][ T2580]  ? copy_signal+0x4e3/0x610
[  119.994377][ T2580]  copy_process+0x1149/0x3290
[  119.998892][ T2580]  ? proc_fail_nth_write+0x20b/0x290
[  120.004010][ T2580]  ? fsnotify_perm+0x6a/0x5d0
[  120.008525][ T2580]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  120.013470][ T2580]  ? vfs_write+0x9ec/0x1110
[  120.017816][ T2580]  kernel_clone+0x21e/0x9e0
[  120.022149][ T2580]  ? file_end_write+0x1c0/0x1c0
[  120.026839][ T2580]  ? create_io_thread+0x1e0/0x1e0
[  120.031721][ T2580]  ? mutex_unlock+0xb2/0x260
[  120.036123][ T2580]  ? __mutex_lock_slowpath+0x10/0x10
[  120.041245][ T2580]  __x64_sys_clone+0x23f/0x290
[  120.045848][ T2580]  ? __do_sys_vfork+0x130/0x130
[  120.050529][ T2580]  ? ksys_write+0x260/0x2c0
[  120.054870][ T2580]  ? debug_smp_processor_id+0x17/0x20
[  120.060082][ T2580]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  120.065980][ T2580]  ? exit_to_user_mode_prepare+0x39/0xa0
[  120.071451][ T2580]  do_syscall_64+0x3d/0xb0
[  120.075701][ T2580]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  120.081432][ T2580] RIP: 0033:0x7faae203fda9
[  120.085681][ T2580] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  120.105131][ T2580] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  120.113369][ T2580] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  120.121181][ T2580] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  120.128991][ T2580] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
21:57:34 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26)

21:57:35 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:35 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x200000000000000, 0x0, 0x0, 0x0)

21:57:35 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31)

[  120.136804][ T2580] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  120.144612][ T2580] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  120.152426][ T2580]  </TASK>
[  120.179043][ T2584] FAULT_INJECTION: forcing a failure.
[  120.179043][ T2584] name failslab, interval 1, probability 0, space 0, times 0
[  120.200346][ T2584] CPU: 0 PID: 2584 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  120.210433][ T2584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  120.211685][ T2590] FAULT_INJECTION: forcing a failure.
[  120.211685][ T2590] name failslab, interval 1, probability 0, space 0, times 0
[  120.220324][ T2584] Call Trace:
[  120.220333][ T2584]  <TASK>
[  120.220343][ T2584]  dump_stack_lvl+0x151/0x1b7
[  120.220370][ T2584]  ? io_uring_drop_tctx_refs+0x190/0x190
[  120.220394][ T2584]  dump_stack+0x15/0x17
[  120.252610][ T2584]  should_fail+0x3c6/0x510
[  120.256861][ T2584]  __should_failslab+0xa4/0xe0
[  120.261464][ T2584]  ? anon_vma_clone+0x9a/0x500
[  120.266064][ T2584]  should_failslab+0x9/0x20
[  120.270404][ T2584]  slab_pre_alloc_hook+0x37/0xd0
[  120.275174][ T2584]  ? anon_vma_clone+0x9a/0x500
[  120.279773][ T2584]  kmem_cache_alloc+0x44/0x200
[  120.284374][ T2584]  anon_vma_clone+0x9a/0x500
[  120.288809][ T2584]  anon_vma_fork+0x91/0x4e0
[  120.293141][ T2584]  ? anon_vma_name+0x4c/0x70
[  120.297573][ T2584]  ? vm_area_dup+0x17a/0x230
[  120.301991][ T2584]  copy_mm+0xa3a/0x13e0
[  120.306014][ T2584]  ? copy_signal+0x610/0x610
[  120.310410][ T2584]  ? __init_rwsem+0xd6/0x1c0
[  120.314836][ T2584]  ? copy_signal+0x4e3/0x610
[  120.319265][ T2584]  copy_process+0x1149/0x3290
[  120.323795][ T2584]  ? proc_fail_nth_write+0x20b/0x290
[  120.328901][ T2584]  ? fsnotify_perm+0x6a/0x5d0
[  120.333413][ T2584]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  120.338445][ T2584]  ? vfs_write+0x9ec/0x1110
[  120.342786][ T2584]  kernel_clone+0x21e/0x9e0
[  120.347131][ T2584]  ? file_end_write+0x1c0/0x1c0
[  120.351826][ T2584]  ? create_io_thread+0x1e0/0x1e0
[  120.356673][ T2584]  ? mutex_unlock+0xb2/0x260
[  120.361102][ T2584]  ? __mutex_lock_slowpath+0x10/0x10
[  120.366218][ T2584]  __x64_sys_clone+0x23f/0x290
[  120.370821][ T2584]  ? __do_sys_vfork+0x130/0x130
[  120.375505][ T2584]  ? ksys_write+0x260/0x2c0
[  120.379846][ T2584]  ? debug_smp_processor_id+0x17/0x20
[  120.385053][ T2584]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  120.390957][ T2584]  ? exit_to_user_mode_prepare+0x39/0xa0
[  120.396448][ T2584]  do_syscall_64+0x3d/0xb0
[  120.400676][ T2584]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  120.406407][ T2584] RIP: 0033:0x7f7a0de6fda9
[  120.410678][ T2584] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  120.430107][ T2584] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  120.438342][ T2584] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
21:57:35 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  120.446153][ T2584] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  120.453967][ T2584] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  120.461779][ T2584] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  120.469589][ T2584] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  120.477410][ T2584]  </TASK>
[  120.480266][ T2590] CPU: 1 PID: 2590 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  120.490337][ T2590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  120.500240][ T2590] Call Trace:
[  120.503353][ T2590]  <TASK>
[  120.506132][ T2590]  dump_stack_lvl+0x151/0x1b7
[  120.510647][ T2590]  ? io_uring_drop_tctx_refs+0x190/0x190
[  120.516116][ T2590]  dump_stack+0x15/0x17
[  120.520106][ T2590]  should_fail+0x3c6/0x510
[  120.524361][ T2590]  __should_failslab+0xa4/0xe0
[  120.528964][ T2590]  ? anon_vma_fork+0x1df/0x4e0
[  120.533560][ T2590]  should_failslab+0x9/0x20
[  120.537908][ T2590]  slab_pre_alloc_hook+0x37/0xd0
[  120.542673][ T2590]  ? anon_vma_fork+0x1df/0x4e0
[  120.547272][ T2590]  kmem_cache_alloc+0x44/0x200
[  120.551874][ T2590]  anon_vma_fork+0x1df/0x4e0
[  120.556329][ T2590]  copy_mm+0xa3a/0x13e0
[  120.560294][ T2590]  ? copy_signal+0x610/0x610
[  120.564720][ T2590]  ? __init_rwsem+0xd6/0x1c0
[  120.569144][ T2590]  ? copy_signal+0x4e3/0x610
[  120.573590][ T2590]  copy_process+0x1149/0x3290
[  120.578095][ T2590]  ? proc_fail_nth_write+0x20b/0x290
[  120.583208][ T2590]  ? fsnotify_perm+0x6a/0x5d0
[  120.587719][ T2590]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  120.592663][ T2590]  ? vfs_write+0x9ec/0x1110
[  120.597008][ T2590]  kernel_clone+0x21e/0x9e0
[  120.601341][ T2590]  ? file_end_write+0x1c0/0x1c0
[  120.606036][ T2590]  ? create_io_thread+0x1e0/0x1e0
[  120.610893][ T2590]  ? mutex_unlock+0xb2/0x260
[  120.615315][ T2590]  ? __mutex_lock_slowpath+0x10/0x10
[  120.620438][ T2590]  __x64_sys_clone+0x23f/0x290
[  120.625040][ T2590]  ? __do_sys_vfork+0x130/0x130
[  120.629724][ T2590]  ? ksys_write+0x260/0x2c0
[  120.634152][ T2590]  ? debug_smp_processor_id+0x17/0x20
[  120.639356][ T2590]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  120.645256][ T2590]  ? exit_to_user_mode_prepare+0x39/0xa0
[  120.650727][ T2590]  do_syscall_64+0x3d/0xb0
[  120.654979][ T2590]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  120.660708][ T2590] RIP: 0033:0x7faae203fda9
[  120.664960][ T2590] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  120.684401][ T2590] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  120.692645][ T2590] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
21:57:35 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32)

21:57:35 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x700000000000000, 0x0, 0x0, 0x0)

21:57:35 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27)

[  120.700456][ T2590] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  120.708266][ T2590] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  120.716078][ T2590] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  120.723888][ T2590] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  120.731704][ T2590]  </TASK>
[  120.795242][ T2601] FAULT_INJECTION: forcing a failure.
[  120.795242][ T2601] name failslab, interval 1, probability 0, space 0, times 0
[  120.799294][ T2597] FAULT_INJECTION: forcing a failure.
[  120.799294][ T2597] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  120.807864][ T2601] CPU: 0 PID: 2601 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  120.830755][ T2601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  120.840822][ T2601] Call Trace:
[  120.843945][ T2601]  <TASK>
[  120.846726][ T2601]  dump_stack_lvl+0x151/0x1b7
[  120.851235][ T2601]  ? io_uring_drop_tctx_refs+0x190/0x190
[  120.856708][ T2601]  ? __alloc_pages+0x27e/0x8f0
[  120.861307][ T2601]  dump_stack+0x15/0x17
[  120.865295][ T2601]  should_fail+0x3c6/0x510
[  120.869550][ T2601]  __should_failslab+0xa4/0xe0
[  120.874150][ T2601]  ? vm_area_dup+0x26/0x230
[  120.878485][ T2601]  should_failslab+0x9/0x20
[  120.882831][ T2601]  slab_pre_alloc_hook+0x37/0xd0
[  120.887600][ T2601]  ? vm_area_dup+0x26/0x230
[  120.891943][ T2601]  kmem_cache_alloc+0x44/0x200
[  120.896546][ T2601]  vm_area_dup+0x26/0x230
[  120.900711][ T2601]  copy_mm+0x9a1/0x13e0
[  120.904702][ T2601]  ? copy_signal+0x610/0x610
[  120.909130][ T2601]  ? __init_rwsem+0xd6/0x1c0
[  120.913551][ T2601]  ? copy_signal+0x4e3/0x610
[  120.917993][ T2601]  copy_process+0x1149/0x3290
[  120.922494][ T2601]  ? proc_fail_nth_write+0x20b/0x290
[  120.927612][ T2601]  ? fsnotify_perm+0x6a/0x5d0
[  120.932132][ T2601]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  120.937075][ T2601]  ? vfs_write+0x9ec/0x1110
[  120.941411][ T2601]  kernel_clone+0x21e/0x9e0
[  120.945750][ T2601]  ? file_end_write+0x1c0/0x1c0
[  120.950441][ T2601]  ? create_io_thread+0x1e0/0x1e0
[  120.955299][ T2601]  ? mutex_unlock+0xb2/0x260
[  120.959725][ T2601]  ? __mutex_lock_slowpath+0x10/0x10
[  120.964851][ T2601]  __x64_sys_clone+0x23f/0x290
[  120.969449][ T2601]  ? __do_sys_vfork+0x130/0x130
[  120.974132][ T2601]  ? ksys_write+0x260/0x2c0
[  120.978479][ T2601]  ? debug_smp_processor_id+0x17/0x20
[  120.983678][ T2601]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  120.989586][ T2601]  ? exit_to_user_mode_prepare+0x39/0xa0
[  120.995050][ T2601]  do_syscall_64+0x3d/0xb0
[  120.999305][ T2601]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  121.005034][ T2601] RIP: 0033:0x7f7a0de6fda9
[  121.009286][ T2601] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  121.028726][ T2601] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  121.036971][ T2601] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  121.044781][ T2601] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  121.052596][ T2601] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  121.060407][ T2601] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  121.068216][ T2601] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  121.076036][ T2601]  </TASK>
[  121.078899][ T2597] CPU: 1 PID: 2597 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  121.088961][ T2597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  121.098853][ T2597] Call Trace:
[  121.101993][ T2597]  <TASK>
[  121.104756][ T2597]  dump_stack_lvl+0x151/0x1b7
[  121.109271][ T2597]  ? io_uring_drop_tctx_refs+0x190/0x190
[  121.114744][ T2597]  dump_stack+0x15/0x17
[  121.118726][ T2597]  should_fail+0x3c6/0x510
[  121.122983][ T2597]  should_fail_alloc_page+0x5a/0x80
[  121.128023][ T2597]  prepare_alloc_pages+0x15c/0x700
[  121.132962][ T2597]  ? __alloc_pages_bulk+0xe40/0xe40
[  121.138006][ T2597]  __alloc_pages+0x18c/0x8f0
[  121.142421][ T2597]  ? prep_new_page+0x110/0x110
[  121.147026][ T2597]  get_zeroed_page+0x1b/0x40
[  121.151447][ T2597]  __pud_alloc+0x8b/0x260
[  121.155617][ T2597]  ? stack_trace_snprint+0xf0/0xf0
[  121.160559][ T2597]  ? do_handle_mm_fault+0x2330/0x2330
[  121.165768][ T2597]  ? __stack_depot_save+0x34/0x470
[  121.170717][ T2597]  ? anon_vma_clone+0x9a/0x500
[  121.175318][ T2597]  copy_page_range+0x2bcf/0x2f90
[  121.180093][ T2597]  ? __kasan_slab_alloc+0xb1/0xe0
[  121.184951][ T2597]  ? slab_post_alloc_hook+0x53/0x2c0
[  121.190069][ T2597]  ? copy_mm+0xa3a/0x13e0
[  121.194243][ T2597]  ? copy_process+0x1149/0x3290
[  121.198924][ T2597]  ? kernel_clone+0x21e/0x9e0
[  121.203437][ T2597]  ? __x64_sys_clone+0x23f/0x290
[  121.208209][ T2597]  ? do_syscall_64+0x3d/0xb0
[  121.212650][ T2597]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  121.218546][ T2597]  ? pfn_valid+0x1e0/0x1e0
[  121.222792][ T2597]  ? rwsem_write_trylock+0x15b/0x290
[  121.227914][ T2597]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  121.234166][ T2597]  copy_mm+0xc7e/0x13e0
[  121.238160][ T2597]  ? copy_signal+0x610/0x610
[  121.242582][ T2597]  ? __init_rwsem+0xd6/0x1c0
[  121.247008][ T2597]  ? copy_signal+0x4e3/0x610
[  121.251436][ T2597]  copy_process+0x1149/0x3290
[  121.255949][ T2597]  ? proc_fail_nth_write+0x20b/0x290
[  121.261068][ T2597]  ? fsnotify_perm+0x6a/0x5d0
[  121.265580][ T2597]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  121.270526][ T2597]  ? vfs_write+0x9ec/0x1110
[  121.274871][ T2597]  kernel_clone+0x21e/0x9e0
[  121.279209][ T2597]  ? file_end_write+0x1c0/0x1c0
[  121.283896][ T2597]  ? create_io_thread+0x1e0/0x1e0
[  121.288754][ T2597]  ? mutex_unlock+0xb2/0x260
[  121.293181][ T2597]  ? __mutex_lock_slowpath+0x10/0x10
[  121.298304][ T2597]  __x64_sys_clone+0x23f/0x290
[  121.302901][ T2597]  ? __do_sys_vfork+0x130/0x130
[  121.307587][ T2597]  ? ksys_write+0x260/0x2c0
[  121.311930][ T2597]  ? debug_smp_processor_id+0x17/0x20
[  121.317137][ T2597]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  121.323038][ T2597]  ? exit_to_user_mode_prepare+0x39/0xa0
[  121.328508][ T2597]  do_syscall_64+0x3d/0xb0
[  121.332759][ T2597]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  121.338488][ T2597] RIP: 0033:0x7faae203fda9
[  121.342740][ T2597] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  121.362181][ T2597] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  121.370423][ T2597] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  121.378238][ T2597] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  121.386047][ T2597] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
21:57:35 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x800000000000000, 0x0, 0x0, 0x0)

21:57:36 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:36 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33)

21:57:36 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28)

21:57:36 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x900000000000000, 0x0, 0x0, 0x0)

[  121.393860][ T2597] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  121.401670][ T2597] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  121.409488][ T2597]  </TASK>
21:57:36 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  121.484754][ T2611] FAULT_INJECTION: forcing a failure.
[  121.484754][ T2611] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  121.502729][ T2610] FAULT_INJECTION: forcing a failure.
[  121.502729][ T2610] name failslab, interval 1, probability 0, space 0, times 0
[  121.519763][ T2611] CPU: 1 PID: 2611 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  121.529846][ T2611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  121.539757][ T2611] Call Trace:
[  121.542866][ T2611]  <TASK>
[  121.545641][ T2611]  dump_stack_lvl+0x151/0x1b7
[  121.550165][ T2611]  ? io_uring_drop_tctx_refs+0x190/0x190
[  121.555627][ T2611]  dump_stack+0x15/0x17
[  121.559624][ T2611]  should_fail+0x3c6/0x510
[  121.563875][ T2611]  should_fail_alloc_page+0x5a/0x80
[  121.568902][ T2611]  prepare_alloc_pages+0x15c/0x700
[  121.573851][ T2611]  ? __alloc_pages_bulk+0xe40/0xe40
[  121.578897][ T2611]  __alloc_pages+0x18c/0x8f0
[  121.583309][ T2611]  ? prep_new_page+0x110/0x110
[  121.587907][ T2611]  ? __alloc_pages+0x27e/0x8f0
[  121.592510][ T2611]  ? __kasan_check_write+0x14/0x20
[  121.597461][ T2611]  ? _raw_spin_lock+0xa4/0x1b0
[  121.602057][ T2611]  __pmd_alloc+0xb1/0x550
[  121.606238][ T2611]  ? __pud_alloc+0x260/0x260
[  121.610649][ T2611]  ? __pud_alloc+0x213/0x260
[  121.615077][ T2611]  ? do_handle_mm_fault+0x2330/0x2330
[  121.620286][ T2611]  ? __stack_depot_save+0x34/0x470
[  121.625228][ T2611]  ? anon_vma_clone+0x9a/0x500
[  121.629833][ T2611]  copy_page_range+0x2b3d/0x2f90
21:57:36 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x1f00000000000000, 0x0, 0x0, 0x0)

[  121.634603][ T2611]  ? __kasan_slab_alloc+0xb1/0xe0
[  121.639462][ T2611]  ? slab_post_alloc_hook+0x53/0x2c0
[  121.644589][ T2611]  ? copy_mm+0xa3a/0x13e0
[  121.648748][ T2611]  ? copy_process+0x1149/0x3290
[  121.653440][ T2611]  ? kernel_clone+0x21e/0x9e0
[  121.657952][ T2611]  ? do_syscall_64+0x3d/0xb0
[  121.662376][ T2611]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  121.668287][ T2611]  ? pfn_valid+0x1e0/0x1e0
[  121.672534][ T2611]  ? rwsem_write_trylock+0x15b/0x290
[  121.677651][ T2611]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  121.683908][ T2611]  copy_mm+0xc7e/0x13e0
[  121.687900][ T2611]  ? copy_signal+0x610/0x610
[  121.692320][ T2611]  ? __init_rwsem+0xd6/0x1c0
[  121.696745][ T2611]  ? copy_signal+0x4e3/0x610
[  121.701172][ T2611]  copy_process+0x1149/0x3290
[  121.705693][ T2611]  ? proc_fail_nth_write+0x20b/0x290
[  121.710809][ T2611]  ? fsnotify_perm+0x6a/0x5d0
[  121.715319][ T2611]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  121.720270][ T2611]  ? vfs_write+0x9ec/0x1110
[  121.724607][ T2611]  kernel_clone+0x21e/0x9e0
[  121.728946][ T2611]  ? file_end_write+0x1c0/0x1c0
[  121.733634][ T2611]  ? create_io_thread+0x1e0/0x1e0
[  121.738492][ T2611]  ? mutex_unlock+0xb2/0x260
[  121.742924][ T2611]  ? __mutex_lock_slowpath+0x10/0x10
[  121.748041][ T2611]  __x64_sys_clone+0x23f/0x290
[  121.752639][ T2611]  ? __do_sys_vfork+0x130/0x130
[  121.757331][ T2611]  ? ksys_write+0x260/0x2c0
[  121.761673][ T2611]  ? debug_smp_processor_id+0x17/0x20
[  121.766877][ T2611]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  121.772777][ T2611]  ? exit_to_user_mode_prepare+0x39/0xa0
[  121.778245][ T2611]  do_syscall_64+0x3d/0xb0
[  121.782498][ T2611]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  121.788224][ T2611] RIP: 0033:0x7faae203fda9
[  121.792482][ T2611] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  121.811922][ T2611] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  121.820163][ T2611] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  121.827978][ T2611] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  121.835788][ T2611] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  121.843599][ T2611] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  121.851408][ T2611] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  121.859224][ T2611]  </TASK>
[  121.862092][ T2610] CPU: 0 PID: 2610 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  121.872162][ T2610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  121.882050][ T2610] Call Trace:
[  121.885177][ T2610]  <TASK>
[  121.887953][ T2610]  dump_stack_lvl+0x151/0x1b7
[  121.892467][ T2610]  ? io_uring_drop_tctx_refs+0x190/0x190
[  121.897941][ T2610]  ? __alloc_pages+0x27e/0x8f0
[  121.902534][ T2610]  dump_stack+0x15/0x17
[  121.906528][ T2610]  should_fail+0x3c6/0x510
[  121.910779][ T2610]  __should_failslab+0xa4/0xe0
[  121.915379][ T2610]  ? vm_area_dup+0x26/0x230
[  121.919717][ T2610]  should_failslab+0x9/0x20
[  121.924057][ T2610]  slab_pre_alloc_hook+0x37/0xd0
[  121.928827][ T2610]  ? vm_area_dup+0x26/0x230
[  121.933166][ T2610]  kmem_cache_alloc+0x44/0x200
[  121.937769][ T2610]  vm_area_dup+0x26/0x230
[  121.941933][ T2610]  copy_mm+0x9a1/0x13e0
[  121.945932][ T2610]  ? copy_signal+0x610/0x610
[  121.950351][ T2610]  ? __init_rwsem+0xd6/0x1c0
[  121.954778][ T2610]  ? copy_signal+0x4e3/0x610
[  121.959207][ T2610]  copy_process+0x1149/0x3290
[  121.963723][ T2610]  ? proc_fail_nth_write+0x20b/0x290
[  121.968840][ T2610]  ? fsnotify_perm+0x6a/0x5d0
[  121.973356][ T2610]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  121.978302][ T2610]  ? vfs_write+0x9ec/0x1110
[  121.982642][ T2610]  kernel_clone+0x21e/0x9e0
[  121.986988][ T2610]  ? file_end_write+0x1c0/0x1c0
[  121.991753][ T2610]  ? create_io_thread+0x1e0/0x1e0
[  121.996613][ T2610]  ? mutex_unlock+0xb2/0x260
[  122.001039][ T2610]  ? __mutex_lock_slowpath+0x10/0x10
[  122.006165][ T2610]  __x64_sys_clone+0x23f/0x290
[  122.010762][ T2610]  ? __do_sys_vfork+0x130/0x130
[  122.015447][ T2610]  ? ksys_write+0x260/0x2c0
[  122.019787][ T2610]  ? debug_smp_processor_id+0x17/0x20
[  122.024994][ T2610]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  122.030897][ T2610]  ? exit_to_user_mode_prepare+0x39/0xa0
[  122.036394][ T2610]  do_syscall_64+0x3d/0xb0
[  122.040618][ T2610]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  122.046344][ T2610] RIP: 0033:0x7f7a0de6fda9
[  122.050600][ T2610] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  122.070038][ T2610] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  122.078285][ T2610] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
21:57:36 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:36 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34)

21:57:36 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29)

[  122.086094][ T2610] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  122.093908][ T2610] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  122.101719][ T2610] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  122.109530][ T2610] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  122.117348][ T2610]  </TASK>
21:57:36 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0)

[  122.154537][ T2620] FAULT_INJECTION: forcing a failure.
[  122.154537][ T2620] name fail_page_alloc, interval 1, probability 0, space 0, times 0
21:57:37 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x806702a0ffffffff, 0x0, 0x0, 0x0)

[  122.200368][ T2620] CPU: 1 PID: 2620 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  122.210453][ T2620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  122.220350][ T2620] Call Trace:
[  122.223473][ T2620]  <TASK>
[  122.226252][ T2620]  dump_stack_lvl+0x151/0x1b7
[  122.230760][ T2620]  ? io_uring_drop_tctx_refs+0x190/0x190
[  122.236229][ T2620]  dump_stack+0x15/0x17
[  122.240223][ T2620]  should_fail+0x3c6/0x510
[  122.244520][ T2620]  should_fail_alloc_page+0x5a/0x80
[  122.249510][ T2620]  prepare_alloc_pages+0x15c/0x700
[  122.254456][ T2620]  ? __alloc_pages_bulk+0xe40/0xe40
[  122.259497][ T2620]  __alloc_pages+0x18c/0x8f0
[  122.263918][ T2620]  ? prep_new_page+0x110/0x110
[  122.268514][ T2620]  ? __alloc_pages+0x27e/0x8f0
[  122.273119][ T2620]  ? __kasan_check_write+0x14/0x20
[  122.278064][ T2620]  ? _raw_spin_lock+0xa4/0x1b0
[  122.282662][ T2620]  pte_alloc_one+0x73/0x1b0
[  122.287005][ T2620]  ? pfn_modify_allowed+0x2f0/0x2f0
[  122.292035][ T2620]  ? __pmd_alloc+0x48d/0x550
[  122.296463][ T2620]  __pte_alloc+0x86/0x350
[  122.300630][ T2620]  ? __pud_alloc+0x260/0x260
[  122.305162][ T2620]  ? __pud_alloc+0x213/0x260
[  122.309585][ T2620]  ? free_pgtables+0x280/0x280
[  122.314174][ T2620]  ? do_handle_mm_fault+0x2330/0x2330
[  122.319382][ T2620]  ? __stack_depot_save+0x34/0x470
[  122.324338][ T2620]  ? anon_vma_clone+0x9a/0x500
[  122.328969][ T2620]  copy_page_range+0x28a8/0x2f90
[  122.333789][ T2620]  ? __kasan_slab_alloc+0xb1/0xe0
[  122.338650][ T2620]  ? slab_post_alloc_hook+0x53/0x2c0
[  122.343770][ T2620]  ? kernel_clone+0x21e/0x9e0
[  122.348281][ T2620]  ? do_syscall_64+0x3d/0xb0
[  122.352710][ T2620]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  122.358618][ T2620]  ? pfn_valid+0x1e0/0x1e0
[  122.362868][ T2620]  ? rwsem_write_trylock+0x15b/0x290
[  122.367985][ T2620]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  122.374238][ T2620]  copy_mm+0xc7e/0x13e0
[  122.378230][ T2620]  ? copy_signal+0x610/0x610
[  122.382656][ T2620]  ? __init_rwsem+0xd6/0x1c0
[  122.387080][ T2620]  ? copy_signal+0x4e3/0x610
[  122.391507][ T2620]  copy_process+0x1149/0x3290
[  122.396034][ T2620]  ? proc_fail_nth_write+0x20b/0x290
[  122.401140][ T2620]  ? fsnotify_perm+0x6a/0x5d0
[  122.405653][ T2620]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  122.410602][ T2620]  ? vfs_write+0x9ec/0x1110
[  122.414944][ T2620]  kernel_clone+0x21e/0x9e0
[  122.419282][ T2620]  ? file_end_write+0x1c0/0x1c0
[  122.423966][ T2620]  ? create_io_thread+0x1e0/0x1e0
[  122.428828][ T2620]  ? mutex_unlock+0xb2/0x260
[  122.433265][ T2620]  ? __mutex_lock_slowpath+0x10/0x10
[  122.438395][ T2620]  __x64_sys_clone+0x23f/0x290
[  122.442976][ T2620]  ? __do_sys_vfork+0x130/0x130
[  122.447662][ T2620]  ? ksys_write+0x260/0x2c0
[  122.452006][ T2620]  ? debug_smp_processor_id+0x17/0x20
[  122.457211][ T2620]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  122.463117][ T2620]  ? exit_to_user_mode_prepare+0x39/0xa0
[  122.468578][ T2620]  do_syscall_64+0x3d/0xb0
[  122.472832][ T2620]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  122.478559][ T2620] RIP: 0033:0x7faae203fda9
[  122.482818][ T2620] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  122.502258][ T2620] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  122.510499][ T2620] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  122.518312][ T2620] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  122.526125][ T2620] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  122.533933][ T2620] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  122.541743][ T2620] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
21:57:37 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:37 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0xf5ffffff00000000, 0x0, 0x0, 0x0)

[  122.549559][ T2620]  </TASK>
[  122.554944][ T2628] FAULT_INJECTION: forcing a failure.
[  122.554944][ T2628] name failslab, interval 1, probability 0, space 0, times 0
[  122.582102][ T2628] CPU: 1 PID: 2628 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  122.592185][ T2628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  122.602082][ T2628] Call Trace:
[  122.605202][ T2628]  <TASK>
[  122.607976][ T2628]  dump_stack_lvl+0x151/0x1b7
[  122.612492][ T2628]  ? io_uring_drop_tctx_refs+0x190/0x190
[  122.617958][ T2628]  ? avc_denied+0x1b0/0x1b0
[  122.622296][ T2628]  dump_stack+0x15/0x17
[  122.626289][ T2628]  should_fail+0x3c6/0x510
[  122.630547][ T2628]  __should_failslab+0xa4/0xe0
[  122.635143][ T2628]  ? vm_area_dup+0x26/0x230
[  122.639484][ T2628]  should_failslab+0x9/0x20
[  122.643822][ T2628]  slab_pre_alloc_hook+0x37/0xd0
[  122.648593][ T2628]  ? vm_area_dup+0x26/0x230
[  122.652934][ T2628]  kmem_cache_alloc+0x44/0x200
[  122.657535][ T2628]  vm_area_dup+0x26/0x230
[  122.661698][ T2628]  copy_mm+0x9a1/0x13e0
[  122.665693][ T2628]  ? copy_signal+0x610/0x610
[  122.670116][ T2628]  ? __init_rwsem+0xd6/0x1c0
[  122.674544][ T2628]  ? copy_signal+0x4e3/0x610
[  122.678971][ T2628]  copy_process+0x1149/0x3290
[  122.683487][ T2628]  ? proc_fail_nth_write+0x20b/0x290
[  122.688605][ T2628]  ? fsnotify_perm+0x6a/0x5d0
[  122.693116][ T2628]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  122.698066][ T2628]  ? vfs_write+0x9ec/0x1110
[  122.702411][ T2628]  kernel_clone+0x21e/0x9e0
[  122.706759][ T2628]  ? file_end_write+0x1c0/0x1c0
[  122.711432][ T2628]  ? create_io_thread+0x1e0/0x1e0
[  122.716288][ T2628]  ? mutex_unlock+0xb2/0x260
[  122.720715][ T2628]  ? __mutex_lock_slowpath+0x10/0x10
[  122.725838][ T2628]  __x64_sys_clone+0x23f/0x290
[  122.730437][ T2628]  ? __do_sys_vfork+0x130/0x130
[  122.735125][ T2628]  ? ksys_write+0x260/0x2c0
[  122.739475][ T2628]  ? debug_smp_processor_id+0x17/0x20
[  122.744671][ T2628]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  122.750574][ T2628]  ? exit_to_user_mode_prepare+0x39/0xa0
[  122.756043][ T2628]  do_syscall_64+0x3d/0xb0
[  122.760295][ T2628]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  122.766021][ T2628] RIP: 0033:0x7f7a0de6fda9
[  122.770279][ T2628] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  122.789721][ T2628] RSP: 002b:00007f7a0cbd0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
21:57:37 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35)

21:57:37 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0xfbffffff00000000, 0x0, 0x0, 0x0)

[  122.797961][ T2628] RAX: ffffffffffffffda RBX: 00007f7a0df9e050 RCX: 00007f7a0de6fda9
[  122.805776][ T2628] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  122.813587][ T2628] RBP: 00007f7a0cbd0120 R08: 0000000000000000 R09: 0000000000000000
[  122.821396][ T2628] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  122.829209][ T2628] R13: 000000000000006e R14: 00007f7a0df9e050 R15: 00007fffe93d3338
[  122.837025][ T2628]  </TASK>
[  122.867225][ T2638] FAULT_INJECTION: forcing a failure.
[  122.867225][ T2638] name failslab, interval 1, probability 0, space 0, times 0
[  122.880356][ T2638] CPU: 1 PID: 2638 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  122.890432][ T2638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  122.900326][ T2638] Call Trace:
[  122.903448][ T2638]  <TASK>
[  122.906225][ T2638]  dump_stack_lvl+0x151/0x1b7
[  122.910737][ T2638]  ? io_uring_drop_tctx_refs+0x190/0x190
[  122.916205][ T2638]  dump_stack+0x15/0x17
[  122.920195][ T2638]  should_fail+0x3c6/0x510
[  122.924450][ T2638]  __should_failslab+0xa4/0xe0
[  122.929050][ T2638]  ? vm_area_dup+0x26/0x230
[  122.933402][ T2638]  should_failslab+0x9/0x20
[  122.937735][ T2638]  slab_pre_alloc_hook+0x37/0xd0
[  122.942509][ T2638]  ? vm_area_dup+0x26/0x230
[  122.946845][ T2638]  kmem_cache_alloc+0x44/0x200
[  122.951443][ T2638]  vm_area_dup+0x26/0x230
[  122.955611][ T2638]  copy_mm+0x9a1/0x13e0
[  122.959606][ T2638]  ? copy_signal+0x610/0x610
[  122.964026][ T2638]  ? __init_rwsem+0xd6/0x1c0
[  122.968452][ T2638]  ? copy_signal+0x4e3/0x610
[  122.972880][ T2638]  copy_process+0x1149/0x3290
[  122.977399][ T2638]  ? proc_fail_nth_write+0x20b/0x290
[  122.982515][ T2638]  ? fsnotify_perm+0x6a/0x5d0
[  122.987028][ T2638]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  122.991981][ T2638]  ? vfs_write+0x9ec/0x1110
[  122.996320][ T2638]  kernel_clone+0x21e/0x9e0
[  123.000657][ T2638]  ? file_end_write+0x1c0/0x1c0
[  123.005344][ T2638]  ? create_io_thread+0x1e0/0x1e0
[  123.010202][ T2638]  ? mutex_unlock+0xb2/0x260
[  123.014638][ T2638]  ? __mutex_lock_slowpath+0x10/0x10
[  123.019753][ T2638]  __x64_sys_clone+0x23f/0x290
[  123.024355][ T2638]  ? __do_sys_vfork+0x130/0x130
[  123.029043][ T2638]  ? ksys_write+0x260/0x2c0
[  123.033382][ T2638]  ? debug_smp_processor_id+0x17/0x20
[  123.038589][ T2638]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  123.044485][ T2638]  ? exit_to_user_mode_prepare+0x39/0xa0
[  123.049956][ T2638]  do_syscall_64+0x3d/0xb0
[  123.054205][ T2638]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  123.059933][ T2638] RIP: 0033:0x7faae203fda9
[  123.064189][ T2638] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  123.083627][ T2638] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  123.091875][ T2638] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  123.099685][ T2638] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  123.107494][ T2638] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
21:57:37 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0xff0f010000000000, 0x0, 0x0, 0x0)

21:57:37 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:37 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30)

21:57:38 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36)

[  123.115306][ T2638] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  123.123117][ T2638] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  123.130934][ T2638]  </TASK>
21:57:38 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0xffffffffa0026780, 0x0, 0x0, 0x0)

21:57:38 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  123.171781][ T2641] FAULT_INJECTION: forcing a failure.
[  123.171781][ T2641] name failslab, interval 1, probability 0, space 0, times 0
[  123.208971][ T2641] CPU: 0 PID: 2641 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  123.219064][ T2641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  123.228958][ T2641] Call Trace:
[  123.232077][ T2641]  <TASK>
[  123.234857][ T2641]  dump_stack_lvl+0x151/0x1b7
[  123.239376][ T2641]  ? io_uring_drop_tctx_refs+0x190/0x190
[  123.244849][ T2641]  dump_stack+0x15/0x17
[  123.247997][ T2646] FAULT_INJECTION: forcing a failure.
[  123.247997][ T2646] name failslab, interval 1, probability 0, space 0, times 0
[  123.248826][ T2641]  should_fail+0x3c6/0x510
[  123.265499][ T2641]  __should_failslab+0xa4/0xe0
[  123.270094][ T2641]  ? anon_vma_fork+0xf7/0x4e0
[  123.274604][ T2641]  should_failslab+0x9/0x20
[  123.278948][ T2641]  slab_pre_alloc_hook+0x37/0xd0
[  123.283719][ T2641]  ? anon_vma_fork+0xf7/0x4e0
[  123.288231][ T2641]  kmem_cache_alloc+0x44/0x200
[  123.292837][ T2641]  anon_vma_fork+0xf7/0x4e0
[  123.297171][ T2641]  ? anon_vma_name+0x4c/0x70
[  123.301601][ T2641]  ? vm_area_dup+0x17a/0x230
[  123.306026][ T2641]  copy_mm+0xa3a/0x13e0
[  123.310033][ T2641]  ? copy_signal+0x610/0x610
[  123.314443][ T2641]  ? __init_rwsem+0xd6/0x1c0
[  123.318875][ T2641]  ? copy_signal+0x4e3/0x610
[  123.323300][ T2641]  copy_process+0x1149/0x3290
[  123.327811][ T2641]  ? proc_fail_nth_write+0x20b/0x290
[  123.332935][ T2641]  ? fsnotify_perm+0x6a/0x5d0
[  123.337448][ T2641]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  123.342395][ T2641]  ? vfs_write+0x9ec/0x1110
[  123.346737][ T2641]  kernel_clone+0x21e/0x9e0
[  123.351066][ T2641]  ? file_end_write+0x1c0/0x1c0
[  123.355762][ T2641]  ? create_io_thread+0x1e0/0x1e0
[  123.360613][ T2641]  ? mutex_unlock+0xb2/0x260
[  123.365040][ T2641]  ? __mutex_lock_slowpath+0x10/0x10
[  123.370162][ T2641]  __x64_sys_clone+0x23f/0x290
[  123.374760][ T2641]  ? __do_sys_vfork+0x130/0x130
[  123.379449][ T2641]  ? ksys_write+0x260/0x2c0
[  123.383791][ T2641]  ? debug_smp_processor_id+0x17/0x20
[  123.388993][ T2641]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  123.394900][ T2641]  ? exit_to_user_mode_prepare+0x39/0xa0
[  123.400368][ T2641]  do_syscall_64+0x3d/0xb0
[  123.404618][ T2641]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  123.410355][ T2641] RIP: 0033:0x7f7a0de6fda9
[  123.414599][ T2641] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  123.434040][ T2641] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  123.442288][ T2641] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  123.450097][ T2641] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  123.457910][ T2641] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
21:57:38 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x2000, 0x0)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000500)=0x100)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r1, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9d, 0x0, 0x0, 0x0, 0x10000}, [@call={0x85, 0x0, 0x0, 0x78}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x9}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}, @jmp={0x5, 0x1, 0x8, 0x2, 0x9, 0x18, 0x8}]}, &(0x7f0000000100)='syzkaller\x00', 0x1, 0xe1, &(0x7f0000000180)=""/225, 0x41000, 0x28, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000380)={0x3, 0xc, 0x54000000, 0x7}, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), &(0x7f0000000400)=[{0x5, 0x1, 0xa, 0x1}, {0x1, 0x1, 0x2, 0x2}, {0x5, 0x2, 0x6, 0x6}], 0x10, 0x6}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:38 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31)

[  123.465720][ T2641] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  123.473531][ T2641] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  123.481349][ T2641]  </TASK>
[  123.485073][ T2646] CPU: 0 PID: 2646 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  123.495147][ T2646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  123.505036][ T2646] Call Trace:
[  123.508160][ T2646]  <TASK>
[  123.510949][ T2646]  dump_stack_lvl+0x151/0x1b7
[  123.515462][ T2646]  ? io_uring_drop_tctx_refs+0x190/0x190
[  123.520924][ T2646]  dump_stack+0x15/0x17
[  123.524913][ T2646]  should_fail+0x3c6/0x510
[  123.529175][ T2646]  __should_failslab+0xa4/0xe0
[  123.533768][ T2646]  ? anon_vma_fork+0xf7/0x4e0
[  123.538276][ T2646]  should_failslab+0x9/0x20
[  123.542615][ T2646]  slab_pre_alloc_hook+0x37/0xd0
[  123.547390][ T2646]  ? anon_vma_fork+0xf7/0x4e0
[  123.551904][ T2646]  kmem_cache_alloc+0x44/0x200
[  123.556504][ T2646]  anon_vma_fork+0xf7/0x4e0
[  123.560840][ T2646]  ? anon_vma_name+0x4c/0x70
[  123.565266][ T2646]  ? vm_area_dup+0x17a/0x230
[  123.569693][ T2646]  copy_mm+0xa3a/0x13e0
[  123.573692][ T2646]  ? copy_signal+0x610/0x610
[  123.578113][ T2646]  ? __init_rwsem+0xd6/0x1c0
[  123.582539][ T2646]  ? copy_signal+0x4e3/0x610
[  123.586970][ T2646]  copy_process+0x1149/0x3290
[  123.591479][ T2646]  ? proc_fail_nth_write+0x20b/0x290
[  123.596601][ T2646]  ? fsnotify_perm+0x6a/0x5d0
[  123.601112][ T2646]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  123.606060][ T2646]  ? vfs_write+0x9ec/0x1110
[  123.610402][ T2646]  kernel_clone+0x21e/0x9e0
[  123.614749][ T2646]  ? file_end_write+0x1c0/0x1c0
[  123.619433][ T2646]  ? create_io_thread+0x1e0/0x1e0
[  123.624287][ T2646]  ? mutex_unlock+0xb2/0x260
[  123.628712][ T2646]  ? __mutex_lock_slowpath+0x10/0x10
[  123.633834][ T2646]  __x64_sys_clone+0x23f/0x290
[  123.638434][ T2646]  ? __do_sys_vfork+0x130/0x130
[  123.643123][ T2646]  ? ksys_write+0x260/0x2c0
[  123.647462][ T2646]  ? debug_smp_processor_id+0x17/0x20
[  123.652665][ T2646]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  123.658568][ T2646]  ? exit_to_user_mode_prepare+0x39/0xa0
[  123.664035][ T2646]  do_syscall_64+0x3d/0xb0
[  123.668291][ T2646]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  123.674018][ T2646] RIP: 0033:0x7faae203fda9
[  123.678275][ T2646] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  123.697715][ T2646] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  123.705960][ T2646] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  123.713769][ T2646] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  123.721579][ T2646] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  123.729390][ T2646] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  123.737203][ T2646] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  123.745016][ T2646]  </TASK>
[  123.753941][ T2655] FAULT_INJECTION: forcing a failure.
[  123.753941][ T2655] name fail_page_alloc, interval 1, probability 0, space 0, times 0
21:57:38 executing program 0:
openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x2000, 0x0) (async)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x2000, 0x0)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000500)=0x100)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r1, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9d, 0x0, 0x0, 0x0, 0x10000}, [@call={0x85, 0x0, 0x0, 0x78}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x9}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}, @jmp={0x5, 0x1, 0x8, 0x2, 0x9, 0x18, 0x8}]}, &(0x7f0000000100)='syzkaller\x00', 0x1, 0xe1, &(0x7f0000000180)=""/225, 0x41000, 0x28, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000380)={0x3, 0xc, 0x54000000, 0x7}, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), &(0x7f0000000400)=[{0x5, 0x1, 0xa, 0x1}, {0x1, 0x1, 0x2, 0x2}, {0x5, 0x2, 0x6, 0x6}], 0x10, 0x6}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  123.771759][ T2655] CPU: 0 PID: 2655 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  123.781852][ T2655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  123.791748][ T2655] Call Trace:
[  123.794869][ T2655]  <TASK>
[  123.797648][ T2655]  dump_stack_lvl+0x151/0x1b7
[  123.802162][ T2655]  ? io_uring_drop_tctx_refs+0x190/0x190
[  123.807633][ T2655]  dump_stack+0x15/0x17
[  123.811618][ T2655]  should_fail+0x3c6/0x510
[  123.815871][ T2655]  should_fail_alloc_page+0x5a/0x80
[  123.820905][ T2655]  prepare_alloc_pages+0x15c/0x700
[  123.825854][ T2655]  ? __alloc_pages_bulk+0xe40/0xe40
[  123.830889][ T2655]  __alloc_pages+0x18c/0x8f0
[  123.835312][ T2655]  ? prep_new_page+0x110/0x110
[  123.839909][ T2655]  ? __alloc_pages+0x27e/0x8f0
[  123.844509][ T2655]  ? __kasan_check_write+0x14/0x20
[  123.849457][ T2655]  ? _raw_spin_lock+0xa4/0x1b0
[  123.854056][ T2655]  __pmd_alloc+0xb1/0x550
[  123.858223][ T2655]  ? __pud_alloc+0x260/0x260
[  123.862650][ T2655]  ? __pud_alloc+0x213/0x260
[  123.867075][ T2655]  ? do_handle_mm_fault+0x2330/0x2330
[  123.872283][ T2655]  ? __stack_depot_save+0x34/0x470
[  123.877230][ T2655]  ? anon_vma_clone+0x9a/0x500
[  123.881832][ T2655]  copy_page_range+0x2b3d/0x2f90
[  123.886601][ T2655]  ? __kasan_slab_alloc+0xb1/0xe0
[  123.891464][ T2655]  ? slab_post_alloc_hook+0x53/0x2c0
[  123.896584][ T2655]  ? copy_mm+0xa3a/0x13e0
[  123.900749][ T2655]  ? copy_process+0x1149/0x3290
[  123.905434][ T2655]  ? kernel_clone+0x21e/0x9e0
[  123.909949][ T2655]  ? do_syscall_64+0x3d/0xb0
[  123.914380][ T2655]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  123.920289][ T2655]  ? pfn_valid+0x1e0/0x1e0
[  123.924529][ T2655]  ? rwsem_write_trylock+0x15b/0x290
[  123.929651][ T2655]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  123.935903][ T2655]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  123.941458][ T2655]  ? __rb_insert_augmented+0x5de/0x610
[  123.946753][ T2655]  copy_mm+0xc7e/0x13e0
[  123.950744][ T2655]  ? copy_signal+0x610/0x610
[  123.955170][ T2655]  ? __init_rwsem+0xd6/0x1c0
[  123.959598][ T2655]  ? copy_signal+0x4e3/0x610
[  123.964023][ T2655]  copy_process+0x1149/0x3290
[  123.968537][ T2655]  ? proc_fail_nth_write+0x20b/0x290
[  123.973658][ T2655]  ? fsnotify_perm+0x6a/0x5d0
[  123.978169][ T2655]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  123.983118][ T2655]  ? vfs_write+0x9ec/0x1110
[  123.987456][ T2655]  kernel_clone+0x21e/0x9e0
[  123.991797][ T2655]  ? file_end_write+0x1c0/0x1c0
[  123.996480][ T2655]  ? create_io_thread+0x1e0/0x1e0
[  124.001344][ T2655]  ? mutex_unlock+0xb2/0x260
[  124.005768][ T2655]  ? __mutex_lock_slowpath+0x10/0x10
[  124.010892][ T2655]  __x64_sys_clone+0x23f/0x290
[  124.015491][ T2655]  ? __do_sys_vfork+0x130/0x130
[  124.020177][ T2655]  ? ksys_write+0x260/0x2c0
[  124.024520][ T2655]  ? debug_smp_processor_id+0x17/0x20
[  124.029724][ T2655]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  124.035626][ T2655]  ? exit_to_user_mode_prepare+0x39/0xa0
[  124.041097][ T2655]  do_syscall_64+0x3d/0xb0
[  124.045346][ T2655]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  124.051076][ T2655] RIP: 0033:0x7f7a0de6fda9
[  124.055329][ T2655] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
21:57:38 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37)

21:57:38 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  124.074772][ T2655] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  124.083015][ T2655] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  124.090829][ T2655] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  124.098638][ T2655] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  124.106451][ T2655] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  124.114258][ T2655] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  124.122078][ T2655]  </TASK>
[  124.160498][ T2663] FAULT_INJECTION: forcing a failure.
[  124.160498][ T2663] name failslab, interval 1, probability 0, space 0, times 0
[  124.178201][ T2663] CPU: 1 PID: 2663 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  124.188290][ T2663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  124.198213][ T2663] Call Trace:
[  124.201304][ T2663]  <TASK>
[  124.204085][ T2663]  dump_stack_lvl+0x151/0x1b7
[  124.208597][ T2663]  ? io_uring_drop_tctx_refs+0x190/0x190
[  124.214069][ T2663]  dump_stack+0x15/0x17
[  124.218058][ T2663]  should_fail+0x3c6/0x510
[  124.222314][ T2663]  __should_failslab+0xa4/0xe0
[  124.226914][ T2663]  ? anon_vma_fork+0x1df/0x4e0
[  124.231512][ T2663]  should_failslab+0x9/0x20
[  124.235866][ T2663]  slab_pre_alloc_hook+0x37/0xd0
[  124.240624][ T2663]  ? anon_vma_fork+0x1df/0x4e0
[  124.245221][ T2663]  kmem_cache_alloc+0x44/0x200
[  124.249842][ T2663]  anon_vma_fork+0x1df/0x4e0
[  124.254251][ T2663]  copy_mm+0xa3a/0x13e0
21:57:39 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x2000, 0x0)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000500)=0x100) (async, rerun: 32)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (rerun: 32)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r1, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9d, 0x0, 0x0, 0x0, 0x10000}, [@call={0x85, 0x0, 0x0, 0x78}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x9}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}, @jmp={0x5, 0x1, 0x8, 0x2, 0x9, 0x18, 0x8}]}, &(0x7f0000000100)='syzkaller\x00', 0x1, 0xe1, &(0x7f0000000180)=""/225, 0x41000, 0x28, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000380)={0x3, 0xc, 0x54000000, 0x7}, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), &(0x7f0000000400)=[{0x5, 0x1, 0xa, 0x1}, {0x1, 0x1, 0x2, 0x2}, {0x5, 0x2, 0x6, 0x6}], 0x10, 0x6}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  124.258247][ T2663]  ? copy_signal+0x610/0x610
[  124.262667][ T2663]  ? __init_rwsem+0xd6/0x1c0
[  124.267094][ T2663]  ? copy_signal+0x4e3/0x610
[  124.271522][ T2663]  copy_process+0x1149/0x3290
[  124.276038][ T2663]  ? proc_fail_nth_write+0x20b/0x290
[  124.281156][ T2663]  ? fsnotify_perm+0x6a/0x5d0
[  124.285673][ T2663]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  124.290617][ T2663]  ? vfs_write+0x9ec/0x1110
[  124.294957][ T2663]  kernel_clone+0x21e/0x9e0
[  124.299299][ T2663]  ? file_end_write+0x1c0/0x1c0
[  124.303988][ T2663]  ? create_io_thread+0x1e0/0x1e0
[  124.308847][ T2663]  ? mutex_unlock+0xb2/0x260
[  124.313273][ T2663]  ? __mutex_lock_slowpath+0x10/0x10
[  124.318392][ T2663]  __x64_sys_clone+0x23f/0x290
[  124.322992][ T2663]  ? __do_sys_vfork+0x130/0x130
[  124.327674][ T2663]  ? ksys_write+0x260/0x2c0
[  124.332020][ T2663]  ? debug_smp_processor_id+0x17/0x20
[  124.337223][ T2663]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  124.343125][ T2663]  ? exit_to_user_mode_prepare+0x39/0xa0
[  124.348597][ T2663]  do_syscall_64+0x3d/0xb0
[  124.352854][ T2663]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  124.358575][ T2663] RIP: 0033:0x7faae203fda9
[  124.362830][ T2663] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  124.382379][ T2663] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  124.390620][ T2663] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  124.398428][ T2663] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
21:57:39 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32)

21:57:39 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38)

[  124.406231][ T2663] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  124.414041][ T2663] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  124.421853][ T2663] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  124.429669][ T2663]  </TASK>
21:57:39 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000000)=[0x0, 0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x4, 0x4, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xbd, &(0x7f0000000180)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0xe9, 0x8, 0x8, &(0x7f0000000240)}}, 0x10)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000003c0)=0xffffffffffffffff, 0x4)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x24000000, '\x00', r2, r3, 0x4, 0x1, 0x5}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r1, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000640)=[0x0, 0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x1, 0x6, &(0x7f0000000680)=[0x0], &(0x7f00000006c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xa9, &(0x7f0000000700)=[{}, {}], 0x10, 0x10, &(0x7f0000000740), &(0x7f0000000780), 0x8, 0x53, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0x17, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x156}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@map_idx_val={0x18, 0xb, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x400}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0xd80a}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x7ff}, @alu={0x4, 0x1, 0xc, 0x2, 0x5, 0x18, 0xffffffffffffffff}, @exit], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000540)='syzkaller\x00', 0x2, 0xa5, &(0x7f0000000580)=""/165, 0x41100, 0x22, '\x00', r5, 0x0, r3, 0x8, &(0x7f0000000940)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000980)={0x2, 0x3, 0x606b, 0x5}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000a40)=[r4], &(0x7f0000000a80)=[{0x5, 0x2, 0x2, 0x6}, {0x2, 0x5, 0x10, 0x7}, {0x2, 0x4, 0x9, 0x2}, {0x2, 0x5, 0x4, 0x8}, {0x4, 0x5, 0x8, 0x4}], 0x10, 0x6}, 0x90)

[  124.452093][ T2671] FAULT_INJECTION: forcing a failure.
[  124.452093][ T2671] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  124.465348][ T2671] CPU: 1 PID: 2671 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  124.475421][ T2671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  124.482038][ T2673] FAULT_INJECTION: forcing a failure.
[  124.482038][ T2673] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  124.485313][ T2671] Call Trace:
[  124.485323][ T2671]  <TASK>
[  124.485333][ T2671]  dump_stack_lvl+0x151/0x1b7
[  124.508751][ T2671]  ? io_uring_drop_tctx_refs+0x190/0x190
[  124.514217][ T2671]  dump_stack+0x15/0x17
[  124.518210][ T2671]  should_fail+0x3c6/0x510
[  124.522463][ T2671]  should_fail_alloc_page+0x5a/0x80
[  124.527495][ T2671]  prepare_alloc_pages+0x15c/0x700
[  124.532441][ T2671]  ? __alloc_pages_bulk+0xe40/0xe40
[  124.537487][ T2671]  __alloc_pages+0x18c/0x8f0
[  124.541904][ T2671]  ? prep_new_page+0x110/0x110
[  124.546501][ T2671]  ? __alloc_pages+0x27e/0x8f0
[  124.551104][ T2671]  ? __kasan_check_write+0x14/0x20
[  124.556057][ T2671]  ? _raw_spin_lock+0xa4/0x1b0
[  124.560649][ T2671]  __pmd_alloc+0xb1/0x550
[  124.564815][ T2671]  ? __pud_alloc+0x260/0x260
[  124.569242][ T2671]  ? __pud_alloc+0x213/0x260
[  124.573668][ T2671]  ? do_handle_mm_fault+0x2330/0x2330
[  124.578878][ T2671]  ? __stack_depot_save+0x34/0x470
[  124.583821][ T2671]  ? anon_vma_clone+0x9a/0x500
[  124.588423][ T2671]  copy_page_range+0x2b3d/0x2f90
[  124.593198][ T2671]  ? __kasan_slab_alloc+0xb1/0xe0
[  124.598061][ T2671]  ? slab_post_alloc_hook+0x53/0x2c0
[  124.603186][ T2671]  ? copy_mm+0xa3a/0x13e0
[  124.607342][ T2671]  ? copy_process+0x1149/0x3290
[  124.612029][ T2671]  ? kernel_clone+0x21e/0x9e0
[  124.616543][ T2671]  ? do_syscall_64+0x3d/0xb0
[  124.620970][ T2671]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  124.626883][ T2671]  ? pfn_valid+0x1e0/0x1e0
[  124.631125][ T2671]  ? rwsem_write_trylock+0x15b/0x290
[  124.636244][ T2671]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  124.642501][ T2671]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  124.648048][ T2671]  ? __rb_insert_augmented+0x5de/0x610
[  124.653347][ T2671]  copy_mm+0xc7e/0x13e0
[  124.657341][ T2671]  ? copy_signal+0x610/0x610
[  124.661765][ T2671]  ? __init_rwsem+0xd6/0x1c0
[  124.666190][ T2671]  ? copy_signal+0x4e3/0x610
[  124.670615][ T2671]  copy_process+0x1149/0x3290
[  124.675128][ T2671]  ? proc_fail_nth_write+0x20b/0x290
[  124.680249][ T2671]  ? fsnotify_perm+0x6a/0x5d0
[  124.684762][ T2671]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  124.689709][ T2671]  ? vfs_write+0x9ec/0x1110
[  124.694050][ T2671]  kernel_clone+0x21e/0x9e0
[  124.698390][ T2671]  ? file_end_write+0x1c0/0x1c0
[  124.703076][ T2671]  ? create_io_thread+0x1e0/0x1e0
[  124.707949][ T2671]  ? mutex_unlock+0xb2/0x260
[  124.712364][ T2671]  ? __mutex_lock_slowpath+0x10/0x10
[  124.717483][ T2671]  __x64_sys_clone+0x23f/0x290
[  124.722084][ T2671]  ? __do_sys_vfork+0x130/0x130
[  124.726770][ T2671]  ? ksys_write+0x260/0x2c0
[  124.731113][ T2671]  ? debug_smp_processor_id+0x17/0x20
[  124.736318][ T2671]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  124.742218][ T2671]  ? exit_to_user_mode_prepare+0x39/0xa0
[  124.747686][ T2671]  do_syscall_64+0x3d/0xb0
[  124.751941][ T2671]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  124.757674][ T2671] RIP: 0033:0x7f7a0de6fda9
[  124.761924][ T2671] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  124.781366][ T2671] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  124.789610][ T2671] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  124.797417][ T2671] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  124.805229][ T2671] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  124.813042][ T2671] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  124.820851][ T2671] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  124.828684][ T2671]  </TASK>
[  124.831531][ T2673] CPU: 0 PID: 2673 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  124.841600][ T2673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  124.851492][ T2673] Call Trace:
[  124.854615][ T2673]  <TASK>
[  124.857395][ T2673]  dump_stack_lvl+0x151/0x1b7
[  124.862049][ T2673]  ? io_uring_drop_tctx_refs+0x190/0x190
[  124.867462][ T2673]  dump_stack+0x15/0x17
[  124.871450][ T2673]  should_fail+0x3c6/0x510
[  124.875712][ T2673]  should_fail_alloc_page+0x5a/0x80
[  124.880739][ T2673]  prepare_alloc_pages+0x15c/0x700
[  124.885691][ T2673]  ? __alloc_pages_bulk+0xe40/0xe40
[  124.890726][ T2673]  __alloc_pages+0x18c/0x8f0
[  124.895148][ T2673]  ? prep_new_page+0x110/0x110
[  124.899759][ T2673]  get_zeroed_page+0x1b/0x40
[  124.904170][ T2673]  __pud_alloc+0x8b/0x260
[  124.908339][ T2673]  ? stack_trace_snprint+0xf0/0xf0
[  124.913284][ T2673]  ? do_handle_mm_fault+0x2330/0x2330
[  124.918497][ T2673]  ? __stack_depot_save+0x34/0x470
[  124.923438][ T2673]  ? anon_vma_clone+0x9a/0x500
[  124.928040][ T2673]  copy_page_range+0x2bcf/0x2f90
[  124.932817][ T2673]  ? __kasan_slab_alloc+0xb1/0xe0
[  124.937676][ T2673]  ? slab_post_alloc_hook+0x53/0x2c0
[  124.942798][ T2673]  ? copy_mm+0xa3a/0x13e0
[  124.946961][ T2673]  ? copy_process+0x1149/0x3290
[  124.951647][ T2673]  ? kernel_clone+0x21e/0x9e0
[  124.956160][ T2673]  ? __x64_sys_clone+0x23f/0x290
[  124.960945][ T2673]  ? do_syscall_64+0x3d/0xb0
[  124.965363][ T2673]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  124.971270][ T2673]  ? pfn_valid+0x1e0/0x1e0
[  124.975514][ T2673]  ? rwsem_write_trylock+0x15b/0x290
[  124.980639][ T2673]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  124.986887][ T2673]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  124.992443][ T2673]  ? __rb_insert_augmented+0x5de/0x610
[  124.997741][ T2673]  copy_mm+0xc7e/0x13e0
[  125.001736][ T2673]  ? copy_signal+0x610/0x610
[  125.006153][ T2673]  ? __init_rwsem+0xd6/0x1c0
[  125.010580][ T2673]  ? copy_signal+0x4e3/0x610
[  125.015010][ T2673]  copy_process+0x1149/0x3290
[  125.019521][ T2673]  ? proc_fail_nth_write+0x20b/0x290
[  125.024663][ T2673]  ? fsnotify_perm+0x6a/0x5d0
[  125.029158][ T2673]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  125.034104][ T2673]  ? vfs_write+0x9ec/0x1110
[  125.038446][ T2673]  kernel_clone+0x21e/0x9e0
[  125.042782][ T2673]  ? file_end_write+0x1c0/0x1c0
[  125.047584][ T2673]  ? create_io_thread+0x1e0/0x1e0
[  125.052439][ T2673]  ? mutex_unlock+0xb2/0x260
[  125.056869][ T2673]  ? __mutex_lock_slowpath+0x10/0x10
[  125.061992][ T2673]  __x64_sys_clone+0x23f/0x290
[  125.066590][ T2673]  ? __do_sys_vfork+0x130/0x130
[  125.071390][ T2673]  ? ksys_write+0x260/0x2c0
[  125.075733][ T2673]  ? debug_smp_processor_id+0x17/0x20
[  125.080936][ T2673]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  125.086837][ T2673]  ? exit_to_user_mode_prepare+0x39/0xa0
[  125.092308][ T2673]  do_syscall_64+0x3d/0xb0
[  125.096564][ T2673]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  125.102288][ T2673] RIP: 0033:0x7faae203fda9
[  125.106540][ T2673] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  125.125982][ T2673] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  125.134236][ T2673] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  125.142148][ T2673] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
21:57:40 executing program 2:
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:40 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33)

21:57:40 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000000)=[0x0, 0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x4, 0x4, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xbd, &(0x7f0000000180)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0xe9, 0x8, 0x8, &(0x7f0000000240)}}, 0x10) (async)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000003c0)=0xffffffffffffffff, 0x4)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x24000000, '\x00', r2, r3, 0x4, 0x1, 0x5}, 0x48) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r1, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000640)=[0x0, 0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x1, 0x6, &(0x7f0000000680)=[0x0], &(0x7f00000006c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xa9, &(0x7f0000000700)=[{}, {}], 0x10, 0x10, &(0x7f0000000740), &(0x7f0000000780), 0x8, 0x53, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0x17, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x156}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@map_idx_val={0x18, 0xb, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x400}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0xd80a}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x7ff}, @alu={0x4, 0x1, 0xc, 0x2, 0x5, 0x18, 0xffffffffffffffff}, @exit], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000540)='syzkaller\x00', 0x2, 0xa5, &(0x7f0000000580)=""/165, 0x41100, 0x22, '\x00', r5, 0x0, r3, 0x8, &(0x7f0000000940)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000980)={0x2, 0x3, 0x606b, 0x5}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000a40)=[r4], &(0x7f0000000a80)=[{0x5, 0x2, 0x2, 0x6}, {0x2, 0x5, 0x10, 0x7}, {0x2, 0x4, 0x9, 0x2}, {0x2, 0x5, 0x4, 0x8}, {0x4, 0x5, 0x8, 0x4}], 0x10, 0x6}, 0x90)

[  125.149962][ T2673] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  125.157769][ T2673] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  125.165578][ T2673] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  125.173399][ T2673]  </TASK>
21:57:40 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  125.223021][ T2679] FAULT_INJECTION: forcing a failure.
[  125.223021][ T2679] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  125.261425][ T2679] CPU: 0 PID: 2679 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  125.271518][ T2679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  125.281415][ T2679] Call Trace:
[  125.284535][ T2679]  <TASK>
[  125.287322][ T2679]  dump_stack_lvl+0x151/0x1b7
[  125.291829][ T2679]  ? io_uring_drop_tctx_refs+0x190/0x190
[  125.297297][ T2679]  dump_stack+0x15/0x17
[  125.301289][ T2679]  should_fail+0x3c6/0x510
[  125.305540][ T2679]  should_fail_alloc_page+0x5a/0x80
[  125.310575][ T2679]  prepare_alloc_pages+0x15c/0x700
[  125.315527][ T2679]  ? __alloc_pages_bulk+0xe40/0xe40
[  125.320558][ T2679]  __alloc_pages+0x18c/0x8f0
[  125.324983][ T2679]  ? prep_new_page+0x110/0x110
[  125.329582][ T2679]  ? __alloc_pages+0x27e/0x8f0
[  125.334181][ T2679]  ? __kasan_check_write+0x14/0x20
[  125.339128][ T2679]  ? _raw_spin_lock+0xa4/0x1b0
[  125.343732][ T2679]  __pmd_alloc+0xb1/0x550
[  125.347896][ T2679]  ? __pud_alloc+0x260/0x260
[  125.352313][ T2679]  ? __pud_alloc+0x213/0x260
[  125.356745][ T2679]  ? do_handle_mm_fault+0x2330/0x2330
[  125.361951][ T2679]  ? __stack_depot_save+0x34/0x470
[  125.366897][ T2679]  ? anon_vma_clone+0x9a/0x500
[  125.371494][ T2679]  copy_page_range+0x2b3d/0x2f90
[  125.376269][ T2679]  ? __kasan_slab_alloc+0xb1/0xe0
[  125.381130][ T2679]  ? slab_post_alloc_hook+0x53/0x2c0
[  125.386250][ T2679]  ? copy_mm+0xa3a/0x13e0
[  125.390416][ T2679]  ? copy_process+0x1149/0x3290
[  125.395105][ T2679]  ? kernel_clone+0x21e/0x9e0
[  125.399620][ T2679]  ? do_syscall_64+0x3d/0xb0
[  125.404040][ T2679]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  125.409954][ T2679]  ? pfn_valid+0x1e0/0x1e0
[  125.414198][ T2679]  ? rwsem_write_trylock+0x15b/0x290
[  125.419319][ T2679]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  125.425574][ T2679]  copy_mm+0xc7e/0x13e0
[  125.429562][ T2679]  ? copy_signal+0x610/0x610
[  125.433985][ T2679]  ? __init_rwsem+0xd6/0x1c0
[  125.438415][ T2679]  ? copy_signal+0x4e3/0x610
[  125.442841][ T2679]  copy_process+0x1149/0x3290
[  125.447354][ T2679]  ? proc_fail_nth_write+0x20b/0x290
[  125.452476][ T2679]  ? fsnotify_perm+0x6a/0x5d0
[  125.456989][ T2679]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  125.461934][ T2679]  ? vfs_write+0x9ec/0x1110
[  125.466285][ T2679]  kernel_clone+0x21e/0x9e0
[  125.470622][ T2679]  ? file_end_write+0x1c0/0x1c0
[  125.475301][ T2679]  ? create_io_thread+0x1e0/0x1e0
[  125.480159][ T2679]  ? mutex_unlock+0xb2/0x260
[  125.484597][ T2679]  ? __mutex_lock_slowpath+0x10/0x10
[  125.489715][ T2679]  __x64_sys_clone+0x23f/0x290
[  125.494311][ T2679]  ? __do_sys_vfork+0x130/0x130
[  125.499001][ T2679]  ? ksys_write+0x260/0x2c0
[  125.503345][ T2679]  ? debug_smp_processor_id+0x17/0x20
[  125.508543][ T2679]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  125.514442][ T2679]  ? exit_to_user_mode_prepare+0x39/0xa0
[  125.519913][ T2679]  do_syscall_64+0x3d/0xb0
[  125.524163][ T2679]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  125.529897][ T2679] RIP: 0033:0x7f7a0de6fda9
[  125.534147][ T2679] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  125.553588][ T2679] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  125.561831][ T2679] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
21:57:40 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000000)=[0x0, 0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x4, 0x4, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xbd, &(0x7f0000000180)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0xe9, 0x8, 0x8, &(0x7f0000000240)}}, 0x10) (async)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000003c0)=0xffffffffffffffff, 0x4)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x24000000, '\x00', r2, r3, 0x4, 0x1, 0x5}, 0x48) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={r1, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000640)=[0x0, 0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x1, 0x6, &(0x7f0000000680)=[0x0], &(0x7f00000006c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xa9, &(0x7f0000000700)=[{}, {}], 0x10, 0x10, &(0x7f0000000740), &(0x7f0000000780), 0x8, 0x53, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0x17, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x156}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@map_idx_val={0x18, 0xb, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x400}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0xd80a}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x7ff}, @alu={0x4, 0x1, 0xc, 0x2, 0x5, 0x18, 0xffffffffffffffff}, @exit], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000540)='syzkaller\x00', 0x2, 0xa5, &(0x7f0000000580)=""/165, 0x41100, 0x22, '\x00', r5, 0x0, r3, 0x8, &(0x7f0000000940)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000980)={0x2, 0x3, 0x606b, 0x5}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000a40)=[r4], &(0x7f0000000a80)=[{0x5, 0x2, 0x2, 0x6}, {0x2, 0x5, 0x10, 0x7}, {0x2, 0x4, 0x9, 0x2}, {0x2, 0x5, 0x4, 0x8}, {0x4, 0x5, 0x8, 0x4}], 0x10, 0x6}, 0x90)

21:57:40 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39)

21:57:40 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34)

[  125.569644][ T2679] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  125.577452][ T2679] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  125.585352][ T2679] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  125.593161][ T2679] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  125.600989][ T2679]  </TASK>
21:57:40 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  125.652523][ T2697] FAULT_INJECTION: forcing a failure.
[  125.652523][ T2697] name failslab, interval 1, probability 0, space 0, times 0
[  125.674874][ T2697] CPU: 1 PID: 2697 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  125.684958][ T2697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  125.694856][ T2697] Call Trace:
[  125.697978][ T2697]  <TASK>
[  125.700755][ T2697]  dump_stack_lvl+0x151/0x1b7
[  125.705266][ T2697]  ? io_uring_drop_tctx_refs+0x190/0x190
[  125.710735][ T2697]  dump_stack+0x15/0x17
[  125.714726][ T2697]  should_fail+0x3c6/0x510
[  125.718985][ T2697]  __should_failslab+0xa4/0xe0
[  125.723581][ T2697]  ? anon_vma_clone+0x9a/0x500
[  125.728177][ T2697]  should_failslab+0x9/0x20
[  125.732521][ T2697]  slab_pre_alloc_hook+0x37/0xd0
[  125.737290][ T2697]  ? anon_vma_clone+0x9a/0x500
[  125.741907][ T2697]  kmem_cache_alloc+0x44/0x200
[  125.746591][ T2697]  anon_vma_clone+0x9a/0x500
[  125.751016][ T2697]  anon_vma_fork+0x91/0x4e0
[  125.755352][ T2697]  ? anon_vma_name+0x4c/0x70
[  125.759783][ T2697]  ? vm_area_dup+0x17a/0x230
[  125.764205][ T2697]  copy_mm+0xa3a/0x13e0
[  125.768205][ T2697]  ? copy_signal+0x610/0x610
[  125.772624][ T2697]  ? __init_rwsem+0xd6/0x1c0
[  125.777054][ T2697]  ? copy_signal+0x4e3/0x610
[  125.781482][ T2697]  copy_process+0x1149/0x3290
[  125.785997][ T2697]  ? proc_fail_nth_write+0x20b/0x290
[  125.791337][ T2697]  ? fsnotify_perm+0x6a/0x5d0
[  125.795849][ T2697]  ? pidfd_show_fdinfo+0x2b0/0x2b0
21:57:40 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb01001800000000003ed370ffee60a9dd0000030000000d0000000000000100000000420026000e0000000200000f0100000002000000682d0355000000000100000073f6ffff81000000e50c0000000400000f0100000003000000080000000f0d0000020000007f000000040000000100000059dd0000040000000300000017f4422a00000000d50e0000000000000201000000030000000a00000f020000000200000000000000000000b805000000040000000600000002000000060000001f000000030000000900000007000000050000000800000086df000005000000060000000500000001000000020000003b91000005000000001000000100000005000000ff0f0000000000000300000000800000bd000000b69c070000000900000f0200000004000000000000000900000001000000e9000000090000000500000048480000ffffff7f01000000060000005cde614d01000000010000000000000002000000070000000004000003000000ffff0000050000000400000035770000ff030000010000007ad9000042000000ec57090000000000000e0200000001000000030000000000000c05000000040000000000000b000000000000000000"], &(0x7f0000000380)=""/132, 0x1c3, 0x84, 0x1, 0x5}, 0x20)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  125.800798][ T2697]  ? vfs_write+0x9ec/0x1110
[  125.805138][ T2697]  kernel_clone+0x21e/0x9e0
[  125.809477][ T2697]  ? file_end_write+0x1c0/0x1c0
[  125.814160][ T2697]  ? create_io_thread+0x1e0/0x1e0
[  125.819023][ T2697]  ? mutex_unlock+0xb2/0x260
[  125.823456][ T2697]  ? __mutex_lock_slowpath+0x10/0x10
[  125.828581][ T2697]  __x64_sys_clone+0x23f/0x290
[  125.833172][ T2697]  ? __do_sys_vfork+0x130/0x130
[  125.837860][ T2697]  ? ksys_write+0x260/0x2c0
[  125.842202][ T2697]  ? debug_smp_processor_id+0x17/0x20
[  125.847406][ T2697]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  125.853306][ T2697]  ? exit_to_user_mode_prepare+0x39/0xa0
[  125.858771][ T2697]  do_syscall_64+0x3d/0xb0
[  125.863022][ T2697]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  125.868749][ T2697] RIP: 0033:0x7faae203fda9
[  125.873005][ T2697] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  125.892444][ T2697] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  125.900692][ T2697] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  125.908592][ T2697] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  125.916401][ T2697] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  125.924214][ T2697] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  125.932021][ T2697] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  125.939924][ T2697]  </TASK>
21:57:40 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40)

21:57:40 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb01001800000000003ed370ffee60a9dd0000030000000d0000000000000100000000420026000e0000000200000f0100000002000000682d0355000000000100000073f6ffff81000000e50c0000000400000f0100000003000000080000000f0d0000020000007f000000040000000100000059dd0000040000000300000017f4422a00000000d50e0000000000000201000000030000000a00000f020000000200000000000000000000b805000000040000000600000002000000060000001f000000030000000900000007000000050000000800000086df000005000000060000000500000001000000020000003b91000005000000001000000100000005000000ff0f0000000000000300000000800000bd000000b69c070000000900000f0200000004000000000000000900000001000000e9000000090000000500000048480000ffffff7f01000000060000005cde614d01000000010000000000000002000000070000000004000003000000ffff0000050000000400000035770000ff030000010000007ad9000042000000ec57090000000000000e0200000001000000030000000000000c05000000040000000000000b000000000000000000"], &(0x7f0000000380)=""/132, 0x1c3, 0x84, 0x1, 0x5}, 0x20)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:40 executing program 2:
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  125.953927][ T2700] FAULT_INJECTION: forcing a failure.
[  125.953927][ T2700] name failslab, interval 1, probability 0, space 0, times 0
[  125.986508][ T2706] FAULT_INJECTION: forcing a failure.
[  125.986508][ T2706] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  126.003725][ T2700] CPU: 1 PID: 2700 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  126.013816][ T2700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  126.023709][ T2700] Call Trace:
[  126.026828][ T2700]  <TASK>
[  126.029607][ T2700]  dump_stack_lvl+0x151/0x1b7
[  126.034121][ T2700]  ? io_uring_drop_tctx_refs+0x190/0x190
[  126.039597][ T2700]  ? avc_denied+0x1b0/0x1b0
[  126.043932][ T2700]  dump_stack+0x15/0x17
[  126.047926][ T2700]  should_fail+0x3c6/0x510
[  126.052176][ T2700]  __should_failslab+0xa4/0xe0
[  126.056861][ T2700]  ? vm_area_dup+0x26/0x230
[  126.061198][ T2700]  should_failslab+0x9/0x20
[  126.065540][ T2700]  slab_pre_alloc_hook+0x37/0xd0
[  126.070316][ T2700]  ? vm_area_dup+0x26/0x230
[  126.074655][ T2700]  kmem_cache_alloc+0x44/0x200
[  126.079253][ T2700]  vm_area_dup+0x26/0x230
[  126.083425][ T2700]  copy_mm+0x9a1/0x13e0
[  126.087415][ T2700]  ? copy_signal+0x610/0x610
[  126.091963][ T2700]  ? __init_rwsem+0xd6/0x1c0
[  126.096387][ T2700]  ? copy_signal+0x4e3/0x610
[  126.100811][ T2700]  copy_process+0x1149/0x3290
[  126.105343][ T2700]  ? proc_fail_nth_write+0x20b/0x290
[  126.110450][ T2700]  ? fsnotify_perm+0x6a/0x5d0
[  126.114961][ T2700]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  126.119909][ T2700]  ? vfs_write+0x9ec/0x1110
[  126.124248][ T2700]  kernel_clone+0x21e/0x9e0
[  126.128584][ T2700]  ? file_end_write+0x1c0/0x1c0
[  126.133282][ T2700]  ? create_io_thread+0x1e0/0x1e0
[  126.138135][ T2700]  ? mutex_unlock+0xb2/0x260
[  126.142561][ T2700]  ? __mutex_lock_slowpath+0x10/0x10
[  126.147684][ T2700]  __x64_sys_clone+0x23f/0x290
[  126.152283][ T2700]  ? __do_sys_vfork+0x130/0x130
[  126.156969][ T2700]  ? ksys_write+0x260/0x2c0
[  126.161309][ T2700]  ? debug_smp_processor_id+0x17/0x20
[  126.166706][ T2700]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  126.172606][ T2700]  ? exit_to_user_mode_prepare+0x39/0xa0
[  126.178076][ T2700]  do_syscall_64+0x3d/0xb0
[  126.182323][ T2700]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  126.188050][ T2700] RIP: 0033:0x7f7a0de6fda9
[  126.192303][ T2700] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  126.211750][ T2700] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  126.219988][ T2700] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  126.227803][ T2700] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  126.235616][ T2700] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  126.243422][ T2700] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  126.251239][ T2700] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  126.259050][ T2700]  </TASK>
[  126.261982][ T2706] CPU: 0 PID: 2706 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  126.271984][ T2706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  126.281878][ T2706] Call Trace:
[  126.284999][ T2706]  <TASK>
[  126.287775][ T2706]  dump_stack_lvl+0x151/0x1b7
[  126.292289][ T2706]  ? io_uring_drop_tctx_refs+0x190/0x190
[  126.297763][ T2706]  dump_stack+0x15/0x17
[  126.301750][ T2706]  should_fail+0x3c6/0x510
[  126.306004][ T2706]  should_fail_alloc_page+0x5a/0x80
[  126.311036][ T2706]  prepare_alloc_pages+0x15c/0x700
[  126.315988][ T2706]  ? __alloc_pages_bulk+0xe40/0xe40
[  126.321032][ T2706]  __alloc_pages+0x18c/0x8f0
[  126.325447][ T2706]  ? prep_new_page+0x110/0x110
[  126.330047][ T2706]  ? __alloc_pages+0x27e/0x8f0
[  126.334648][ T2706]  ? __kasan_check_write+0x14/0x20
[  126.339593][ T2706]  ? _raw_spin_lock+0xa4/0x1b0
[  126.344191][ T2706]  pte_alloc_one+0x73/0x1b0
[  126.348533][ T2706]  ? pfn_modify_allowed+0x2f0/0x2f0
[  126.353569][ T2706]  ? __pmd_alloc+0x48d/0x550
[  126.357996][ T2706]  __pte_alloc+0x86/0x350
[  126.362160][ T2706]  ? __pud_alloc+0x260/0x260
[  126.366582][ T2706]  ? __pud_alloc+0x213/0x260
[  126.371011][ T2706]  ? free_pgtables+0x280/0x280
[  126.375611][ T2706]  ? do_handle_mm_fault+0x2330/0x2330
[  126.380819][ T2706]  ? __stack_depot_save+0x34/0x470
[  126.385767][ T2706]  ? anon_vma_clone+0x9a/0x500
[  126.390367][ T2706]  copy_page_range+0x28a8/0x2f90
[  126.395138][ T2706]  ? __kasan_slab_alloc+0xb1/0xe0
[  126.399999][ T2706]  ? slab_post_alloc_hook+0x53/0x2c0
[  126.405121][ T2706]  ? kernel_clone+0x21e/0x9e0
[  126.409633][ T2706]  ? do_syscall_64+0x3d/0xb0
[  126.414056][ T2706]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  126.419972][ T2706]  ? pfn_valid+0x1e0/0x1e0
[  126.424218][ T2706]  ? rwsem_write_trylock+0x15b/0x290
[  126.429337][ T2706]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  126.435584][ T2706]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  126.441143][ T2706]  ? __rb_insert_augmented+0x5de/0x610
[  126.446434][ T2706]  copy_mm+0xc7e/0x13e0
[  126.450429][ T2706]  ? copy_signal+0x610/0x610
[  126.454849][ T2706]  ? __init_rwsem+0xd6/0x1c0
[  126.459276][ T2706]  ? copy_signal+0x4e3/0x610
[  126.463701][ T2706]  copy_process+0x1149/0x3290
[  126.468216][ T2706]  ? proc_fail_nth_write+0x20b/0x290
[  126.473336][ T2706]  ? fsnotify_perm+0x6a/0x5d0
[  126.477848][ T2706]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  126.482796][ T2706]  ? vfs_write+0x9ec/0x1110
[  126.487136][ T2706]  kernel_clone+0x21e/0x9e0
[  126.491474][ T2706]  ? file_end_write+0x1c0/0x1c0
[  126.496235][ T2706]  ? create_io_thread+0x1e0/0x1e0
[  126.501021][ T2706]  ? mutex_unlock+0xb2/0x260
[  126.505447][ T2706]  ? __mutex_lock_slowpath+0x10/0x10
[  126.510570][ T2706]  __x64_sys_clone+0x23f/0x290
[  126.515171][ T2706]  ? __do_sys_vfork+0x130/0x130
[  126.519856][ T2706]  ? ksys_write+0x260/0x2c0
[  126.524196][ T2706]  ? debug_smp_processor_id+0x17/0x20
[  126.529405][ T2706]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  126.535316][ T2706]  ? exit_to_user_mode_prepare+0x39/0xa0
[  126.540801][ T2706]  do_syscall_64+0x3d/0xb0
[  126.545029][ T2706]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  126.550758][ T2706] RIP: 0033:0x7faae203fda9
[  126.555010][ T2706] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  126.574454][ T2706] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  126.582816][ T2706] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  126.590617][ T2706] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  126.598428][ T2706] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
21:57:41 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35)

21:57:41 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:41 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb01001800000000003ed370ffee60a9dd0000030000000d0000000000000100000000420026000e0000000200000f0100000002000000682d0355000000000100000073f6ffff81000000e50c0000000400000f0100000003000000080000000f0d0000020000007f000000040000000100000059dd0000040000000300000017f4422a00000000d50e0000000000000201000000030000000a00000f020000000200000000000000000000b805000000040000000600000002000000060000001f000000030000000900000007000000050000000800000086df000005000000060000000500000001000000020000003b91000005000000001000000100000005000000ff0f0000000000000300000000800000bd000000b69c070000000900000f0200000004000000000000000900000001000000e9000000090000000500000048480000ffffff7f01000000060000005cde614d01000000010000000000000002000000070000000004000003000000ffff0000050000000400000035770000ff030000010000007ad9000042000000ec57090000000000000e0200000001000000030000000000000c05000000040000000000000b000000000000000000"], &(0x7f0000000380)=""/132, 0x1c3, 0x84, 0x1, 0x5}, 0x20) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:41 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41)

[  126.606244][ T2706] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  126.614051][ T2706] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  126.621872][ T2706]  </TASK>
21:57:41 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0x1, 0x58, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r0=>0x0}}, 0x10)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', r0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  126.669120][ T2715] FAULT_INJECTION: forcing a failure.
[  126.669120][ T2715] name failslab, interval 1, probability 0, space 0, times 0
[  126.695226][ T2723] FAULT_INJECTION: forcing a failure.
[  126.695226][ T2723] name failslab, interval 1, probability 0, space 0, times 0
[  126.696155][ T2715] CPU: 0 PID: 2715 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  126.717719][ T2715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  126.727613][ T2715] Call Trace:
[  126.730731][ T2715]  <TASK>
[  126.733516][ T2715]  dump_stack_lvl+0x151/0x1b7
[  126.738023][ T2715]  ? io_uring_drop_tctx_refs+0x190/0x190
[  126.743490][ T2715]  dump_stack+0x15/0x17
[  126.747479][ T2715]  should_fail+0x3c6/0x510
[  126.751821][ T2715]  __should_failslab+0xa4/0xe0
[  126.756522][ T2715]  ? anon_vma_clone+0x9a/0x500
[  126.761118][ T2715]  should_failslab+0x9/0x20
[  126.765457][ T2715]  slab_pre_alloc_hook+0x37/0xd0
[  126.770233][ T2715]  ? anon_vma_clone+0x9a/0x500
[  126.774831][ T2715]  kmem_cache_alloc+0x44/0x200
[  126.779436][ T2715]  anon_vma_clone+0x9a/0x500
[  126.783864][ T2715]  anon_vma_fork+0x91/0x4e0
[  126.788200][ T2715]  ? anon_vma_name+0x4c/0x70
[  126.792622][ T2715]  ? vm_area_dup+0x17a/0x230
[  126.797054][ T2715]  copy_mm+0xa3a/0x13e0
[  126.801051][ T2715]  ? copy_signal+0x610/0x610
[  126.805471][ T2715]  ? __init_rwsem+0xd6/0x1c0
[  126.809899][ T2715]  ? copy_signal+0x4e3/0x610
[  126.814330][ T2715]  copy_process+0x1149/0x3290
[  126.818841][ T2715]  ? proc_fail_nth_write+0x20b/0x290
[  126.823961][ T2715]  ? fsnotify_perm+0x6a/0x5d0
[  126.828478][ T2715]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  126.833517][ T2715]  ? vfs_write+0x9ec/0x1110
[  126.837858][ T2715]  kernel_clone+0x21e/0x9e0
[  126.842195][ T2715]  ? file_end_write+0x1c0/0x1c0
[  126.846884][ T2715]  ? create_io_thread+0x1e0/0x1e0
[  126.851740][ T2715]  ? mutex_unlock+0xb2/0x260
[  126.856169][ T2715]  ? __mutex_lock_slowpath+0x10/0x10
[  126.861292][ T2715]  __x64_sys_clone+0x23f/0x290
[  126.865891][ T2715]  ? __do_sys_vfork+0x130/0x130
[  126.870574][ T2715]  ? ksys_write+0x260/0x2c0
[  126.874921][ T2715]  ? debug_smp_processor_id+0x17/0x20
[  126.880129][ T2715]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  126.886027][ T2715]  ? exit_to_user_mode_prepare+0x39/0xa0
[  126.891495][ T2715]  do_syscall_64+0x3d/0xb0
[  126.895747][ T2715]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  126.901484][ T2715] RIP: 0033:0x7f7a0de6fda9
[  126.905729][ T2715] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  126.925168][ T2715] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  126.933413][ T2715] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  126.941227][ T2715] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  126.949034][ T2715] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  126.957019][ T2715] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  126.964833][ T2715] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  126.972648][ T2715]  </TASK>
[  126.975519][ T2723] CPU: 1 PID: 2723 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  126.985580][ T2723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  126.995473][ T2723] Call Trace:
[  126.998592][ T2723]  <TASK>
[  127.001370][ T2723]  dump_stack_lvl+0x151/0x1b7
[  127.005884][ T2723]  ? io_uring_drop_tctx_refs+0x190/0x190
[  127.011351][ T2723]  dump_stack+0x15/0x17
[  127.015345][ T2723]  should_fail+0x3c6/0x510
[  127.019605][ T2723]  __should_failslab+0xa4/0xe0
[  127.024196][ T2723]  ? vm_area_dup+0x26/0x230
[  127.028535][ T2723]  should_failslab+0x9/0x20
[  127.032875][ T2723]  slab_pre_alloc_hook+0x37/0xd0
[  127.037649][ T2723]  ? vm_area_dup+0x26/0x230
[  127.041988][ T2723]  kmem_cache_alloc+0x44/0x200
[  127.046589][ T2723]  vm_area_dup+0x26/0x230
[  127.050758][ T2723]  copy_mm+0x9a1/0x13e0
[  127.054749][ T2723]  ? copy_signal+0x610/0x610
[  127.059178][ T2723]  ? __init_rwsem+0xd6/0x1c0
[  127.063603][ T2723]  ? copy_signal+0x4e3/0x610
[  127.068026][ T2723]  copy_process+0x1149/0x3290
[  127.072545][ T2723]  ? proc_fail_nth_write+0x20b/0x290
[  127.077660][ T2723]  ? fsnotify_perm+0x6a/0x5d0
[  127.082177][ T2723]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  127.087124][ T2723]  ? vfs_write+0x9ec/0x1110
[  127.091480][ T2723]  kernel_clone+0x21e/0x9e0
[  127.095805][ T2723]  ? file_end_write+0x1c0/0x1c0
[  127.100500][ T2723]  ? create_io_thread+0x1e0/0x1e0
[  127.105360][ T2723]  ? mutex_unlock+0xb2/0x260
[  127.109778][ T2723]  ? __mutex_lock_slowpath+0x10/0x10
[  127.114895][ T2723]  __x64_sys_clone+0x23f/0x290
[  127.119495][ T2723]  ? __do_sys_vfork+0x130/0x130
[  127.124180][ T2723]  ? ksys_write+0x260/0x2c0
[  127.128522][ T2723]  ? debug_smp_processor_id+0x17/0x20
[  127.133730][ T2723]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  127.139630][ T2723]  ? exit_to_user_mode_prepare+0x39/0xa0
[  127.145098][ T2723]  do_syscall_64+0x3d/0xb0
[  127.149350][ T2723]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  127.155078][ T2723] RIP: 0033:0x7faae203fda9
[  127.159334][ T2723] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  127.178779][ T2723] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  127.187022][ T2723] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  127.194830][ T2723] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  127.202645][ T2723] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  127.210453][ T2723] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
21:57:42 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42)

21:57:42 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0x1, 0x58, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r0=>0x0}}, 0x10)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', r0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  127.218269][ T2723] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  127.226079][ T2723]  </TASK>
21:57:42 executing program 2:
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:42 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36)

[  127.262078][ T2732] FAULT_INJECTION: forcing a failure.
[  127.262078][ T2732] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  127.282066][ T2732] CPU: 0 PID: 2732 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  127.292149][ T2732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  127.302043][ T2732] Call Trace:
[  127.305164][ T2732]  <TASK>
[  127.307942][ T2732]  dump_stack_lvl+0x151/0x1b7
[  127.312452][ T2732]  ? io_uring_drop_tctx_refs+0x190/0x190
[  127.317923][ T2732]  dump_stack+0x15/0x17
[  127.321914][ T2732]  should_fail+0x3c6/0x510
[  127.326170][ T2732]  should_fail_alloc_page+0x5a/0x80
[  127.331215][ T2732]  prepare_alloc_pages+0x15c/0x700
[  127.336151][ T2732]  ? __alloc_pages+0x8f0/0x8f0
[  127.340747][ T2732]  ? __alloc_pages_bulk+0xe40/0xe40
[  127.345782][ T2732]  __alloc_pages+0x18c/0x8f0
[  127.350209][ T2732]  ? prep_new_page+0x110/0x110
[  127.354809][ T2732]  ? is_bpf_text_address+0x172/0x190
[  127.359929][ T2732]  pte_alloc_one+0x73/0x1b0
[  127.364267][ T2732]  ? pfn_modify_allowed+0x2f0/0x2f0
[  127.369301][ T2732]  ? arch_stack_walk+0xf3/0x140
[  127.373988][ T2732]  __pte_alloc+0x86/0x350
[  127.378155][ T2732]  ? free_pgtables+0x280/0x280
[  127.382753][ T2732]  ? _raw_spin_lock+0xa4/0x1b0
[  127.387354][ T2732]  ? __kasan_check_write+0x14/0x20
[  127.392302][ T2732]  copy_page_range+0x28a8/0x2f90
[  127.397079][ T2732]  ? __kasan_slab_alloc+0xb1/0xe0
[  127.401942][ T2732]  ? pfn_valid+0x1e0/0x1e0
[  127.406195][ T2732]  ? vma_gap_callbacks_rotate+0x1b7/0x210
[  127.411743][ T2732]  ? __rb_insert_augmented+0x5de/0x610
[  127.417044][ T2732]  copy_mm+0xc7e/0x13e0
[  127.421036][ T2732]  ? copy_signal+0x610/0x610
[  127.425472][ T2732]  ? __init_rwsem+0xd6/0x1c0
[  127.429975][ T2732]  ? copy_signal+0x4e3/0x610
[  127.434396][ T2732]  copy_process+0x1149/0x3290
[  127.438910][ T2732]  ? proc_fail_nth_write+0x20b/0x290
[  127.444034][ T2732]  ? fsnotify_perm+0x6a/0x5d0
[  127.448544][ T2732]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  127.453492][ T2732]  ? vfs_write+0x9ec/0x1110
[  127.457831][ T2732]  kernel_clone+0x21e/0x9e0
[  127.462170][ T2732]  ? file_end_write+0x1c0/0x1c0
[  127.466857][ T2732]  ? create_io_thread+0x1e0/0x1e0
[  127.471717][ T2732]  ? mutex_unlock+0xb2/0x260
[  127.476144][ T2732]  ? __mutex_lock_slowpath+0x10/0x10
[  127.481265][ T2732]  __x64_sys_clone+0x23f/0x290
[  127.485866][ T2732]  ? __do_sys_vfork+0x130/0x130
[  127.490549][ T2732]  ? ksys_write+0x260/0x2c0
[  127.494891][ T2732]  ? debug_smp_processor_id+0x17/0x20
[  127.500100][ T2732]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  127.505999][ T2732]  ? exit_to_user_mode_prepare+0x39/0xa0
[  127.511488][ T2732]  do_syscall_64+0x3d/0xb0
[  127.515720][ T2732]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  127.521454][ T2732] RIP: 0033:0x7faae203fda9
[  127.525706][ T2732] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  127.545144][ T2732] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  127.553391][ T2732] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
21:57:42 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:42 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43)

[  127.561201][ T2732] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  127.569012][ T2732] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  127.576824][ T2732] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  127.584642][ T2732] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  127.592455][ T2732]  </TASK>
21:57:42 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0x1, 0x58, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r0=>0x0}}, 0x10)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', r0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0x1, 0x58}, 0x10) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', r0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)

[  127.620315][ T2734] FAULT_INJECTION: forcing a failure.
[  127.620315][ T2734] name failslab, interval 1, probability 0, space 0, times 0
[  127.630626][ T2738] FAULT_INJECTION: forcing a failure.
[  127.630626][ T2738] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  127.646223][ T2738] CPU: 1 PID: 2738 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  127.656290][ T2738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  127.666181][ T2738] Call Trace:
[  127.669305][ T2738]  <TASK>
[  127.672171][ T2738]  dump_stack_lvl+0x151/0x1b7
[  127.676686][ T2738]  ? io_uring_drop_tctx_refs+0x190/0x190
[  127.682150][ T2738]  ? irqentry_exit+0x30/0x40
[  127.686578][ T2738]  dump_stack+0x15/0x17
[  127.690567][ T2738]  should_fail+0x3c6/0x510
[  127.694824][ T2738]  should_fail_alloc_page+0x5a/0x80
[  127.699865][ T2738]  prepare_alloc_pages+0x15c/0x700
[  127.704804][ T2738]  ? __alloc_pages_bulk+0xe40/0xe40
[  127.709841][ T2738]  __alloc_pages+0x18c/0x8f0
[  127.714267][ T2738]  ? prep_new_page+0x110/0x110
[  127.718868][ T2738]  get_zeroed_page+0x1b/0x40
[  127.723292][ T2738]  __pud_alloc+0x8b/0x260
[  127.727458][ T2738]  ? stack_trace_snprint+0xf0/0xf0
[  127.732402][ T2738]  ? do_handle_mm_fault+0x2330/0x2330
[  127.737612][ T2738]  ? __stack_depot_save+0x34/0x470
[  127.742560][ T2738]  ? anon_vma_clone+0x9a/0x500
[  127.747159][ T2738]  copy_page_range+0x2bcf/0x2f90
[  127.751931][ T2738]  ? __kasan_slab_alloc+0xb1/0xe0
[  127.756790][ T2738]  ? slab_post_alloc_hook+0x53/0x2c0
[  127.761913][ T2738]  ? copy_mm+0xa3a/0x13e0
[  127.766079][ T2738]  ? copy_process+0x1149/0x3290
[  127.770769][ T2738]  ? kernel_clone+0x21e/0x9e0
[  127.775282][ T2738]  ? __x64_sys_clone+0x23f/0x290
[  127.780052][ T2738]  ? do_syscall_64+0x3d/0xb0
[  127.784481][ T2738]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  127.790394][ T2738]  ? pfn_valid+0x1e0/0x1e0
[  127.794637][ T2738]  ? rwsem_write_trylock+0x15b/0x290
[  127.799753][ T2738]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  127.806003][ T2738]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  127.811559][ T2738]  ? __rb_insert_augmented+0x5de/0x610
[  127.816856][ T2738]  copy_mm+0xc7e/0x13e0
[  127.820850][ T2738]  ? copy_signal+0x610/0x610
[  127.825365][ T2738]  ? __init_rwsem+0xd6/0x1c0
[  127.829790][ T2738]  ? copy_signal+0x4e3/0x610
[  127.834212][ T2738]  copy_process+0x1149/0x3290
[  127.838723][ T2738]  ? proc_fail_nth_write+0x20b/0x290
[  127.843842][ T2738]  ? fsnotify_perm+0x6a/0x5d0
[  127.848355][ T2738]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  127.853303][ T2738]  ? vfs_write+0x9ec/0x1110
[  127.857644][ T2738]  kernel_clone+0x21e/0x9e0
[  127.861984][ T2738]  ? file_end_write+0x1c0/0x1c0
[  127.866670][ T2738]  ? create_io_thread+0x1e0/0x1e0
[  127.871531][ T2738]  ? mutex_unlock+0xb2/0x260
[  127.875954][ T2738]  ? __mutex_lock_slowpath+0x10/0x10
[  127.881078][ T2738]  __x64_sys_clone+0x23f/0x290
[  127.885681][ T2738]  ? __do_sys_vfork+0x130/0x130
[  127.890391][ T2738]  ? ksys_write+0x260/0x2c0
[  127.894703][ T2738]  ? debug_smp_processor_id+0x17/0x20
[  127.899912][ T2738]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  127.905811][ T2738]  ? exit_to_user_mode_prepare+0x39/0xa0
[  127.911280][ T2738]  do_syscall_64+0x3d/0xb0
[  127.915532][ T2738]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  127.921272][ T2738] RIP: 0033:0x7faae203fda9
[  127.925521][ T2738] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  127.944957][ T2738] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  127.953289][ T2738] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  127.961099][ T2738] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  127.968908][ T2738] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  127.976723][ T2738] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  127.984531][ T2738] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  127.992347][ T2738]  </TASK>
[  127.999436][ T2734] CPU: 1 PID: 2734 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  128.009518][ T2734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  128.019419][ T2734] Call Trace:
[  128.022534][ T2734]  <TASK>
[  128.025311][ T2734]  dump_stack_lvl+0x151/0x1b7
[  128.029825][ T2734]  ? io_uring_drop_tctx_refs+0x190/0x190
[  128.035293][ T2734]  dump_stack+0x15/0x17
[  128.039282][ T2734]  should_fail+0x3c6/0x510
[  128.043537][ T2734]  __should_failslab+0xa4/0xe0
[  128.048137][ T2734]  ? anon_vma_fork+0xf7/0x4e0
[  128.052647][ T2734]  should_failslab+0x9/0x20
[  128.056988][ T2734]  slab_pre_alloc_hook+0x37/0xd0
[  128.061761][ T2734]  ? anon_vma_fork+0xf7/0x4e0
[  128.066273][ T2734]  kmem_cache_alloc+0x44/0x200
[  128.070876][ T2734]  anon_vma_fork+0xf7/0x4e0
[  128.075213][ T2734]  ? anon_vma_name+0x4c/0x70
[  128.079641][ T2734]  ? vm_area_dup+0x17a/0x230
[  128.084070][ T2734]  copy_mm+0xa3a/0x13e0
[  128.088064][ T2734]  ? copy_signal+0x610/0x610
[  128.092487][ T2734]  ? __init_rwsem+0xd6/0x1c0
[  128.096914][ T2734]  ? copy_signal+0x4e3/0x610
[  128.101338][ T2734]  copy_process+0x1149/0x3290
[  128.105853][ T2734]  ? proc_fail_nth_write+0x20b/0x290
[  128.111040][ T2734]  ? fsnotify_perm+0x6a/0x5d0
[  128.115504][ T2734]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  128.120432][ T2734]  ? vfs_write+0x9ec/0x1110
[  128.124776][ T2734]  kernel_clone+0x21e/0x9e0
[  128.129111][ T2734]  ? file_end_write+0x1c0/0x1c0
[  128.133801][ T2734]  ? create_io_thread+0x1e0/0x1e0
[  128.138748][ T2734]  ? mutex_unlock+0xb2/0x260
[  128.143172][ T2734]  ? __mutex_lock_slowpath+0x10/0x10
[  128.148293][ T2734]  __x64_sys_clone+0x23f/0x290
[  128.152895][ T2734]  ? __do_sys_vfork+0x130/0x130
[  128.157585][ T2734]  ? ksys_write+0x260/0x2c0
[  128.161922][ T2734]  ? debug_smp_processor_id+0x17/0x20
[  128.167127][ T2734]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  128.173031][ T2734]  ? exit_to_user_mode_prepare+0x39/0xa0
[  128.178500][ T2734]  do_syscall_64+0x3d/0xb0
[  128.182749][ T2734]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  128.188482][ T2734] RIP: 0033:0x7f7a0de6fda9
[  128.192735][ T2734] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  128.212172][ T2734] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
21:57:43 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 44)

21:57:43 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000540)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xd, 0x0, 0x1f, 0xfffffffe, 0x0, 0x1, 0xfff, '\x00', 0x0, r3, 0x4, 0x5}, 0x48)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000880), 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0xa, 0x2, &(0x7f0000000100)=@raw=[@map_val={0x18, 0x7, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1ff}], &(0x7f00000002c0)='GPL\x00', 0x3, 0xc, &(0x7f0000000380)=""/12, 0x9f71cadf2e2d7e4c, 0x4, '\x00', 0x0, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x10, 0x4, 0x400}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000008c0)=[r4, r5, 0xffffffffffffffff]}, 0x80)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r5, 0x58, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x1a8, 0x2, 0x4, 0x0, r2, 0x8000, '\x00', r6, r3, 0x2, 0x5, 0x5}, 0x48)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180), 0x4)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000240)={0x101, <r8=>0x0}, 0x8)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x7, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf2, 0x0, 0x0, 0x0, 0xffffffff}, [@call={0x85, 0x0, 0x0, 0x40}, @exit, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @alu={0x4, 0x0, 0x4, 0x3, 0x2, 0x0, 0x1}]}, &(0x7f00000002c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x74, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000300)=[r0], &(0x7f0000000340)=[{0x2, 0x4, 0xd, 0xd}, {0x3, 0x1, 0x4, 0x2}, {0x1, 0x4, 0x7, 0x3}, {0x5, 0x3, 0xe, 0x4}, {0x3, 0x2, 0x10, 0x6}, {0x3, 0x2, 0x6, 0x6}, {0x3, 0x5, 0x7, 0xb}], 0x10, 0x2}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x5, &(0x7f0000000000)=@raw=[@map_val={0x18, 0xa, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x200000}, @generic={0x9, 0x1, 0x0, 0xfffd, 0x3f}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x2}], &(0x7f0000000040)='GPL\x00', 0x4, 0x20, &(0x7f0000000100)=""/32, 0x41100, 0x20, '\x00', r6, 0x27, r7, 0x8, &(0x7f00000001c0)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x1, 0xd, 0x7, 0xb99a}, 0x10, r8, r9, 0x0, &(0x7f0000000480)=[r0], 0x0, 0x10, 0x7}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:43 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37)

21:57:43 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  128.220432][ T2734] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  128.228228][ T2734] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  128.236039][ T2734] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  128.243851][ T2734] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  128.251663][ T2734] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  128.259479][ T2734]  </TASK>
[  128.322408][ T2758] FAULT_INJECTION: forcing a failure.
[  128.322408][ T2758] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  128.336347][ T2757] FAULT_INJECTION: forcing a failure.
[  128.336347][ T2757] name failslab, interval 1, probability 0, space 0, times 0
[  128.365283][ T2757] CPU: 1 PID: 2757 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  128.375370][ T2757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  128.385265][ T2757] Call Trace:
[  128.388385][ T2757]  <TASK>
[  128.391161][ T2757]  dump_stack_lvl+0x151/0x1b7
[  128.395675][ T2757]  ? io_uring_drop_tctx_refs+0x190/0x190
[  128.401147][ T2757]  dump_stack+0x15/0x17
[  128.405204][ T2757]  should_fail+0x3c6/0x510
[  128.409393][ T2757]  __should_failslab+0xa4/0xe0
[  128.413990][ T2757]  ? vm_area_dup+0x26/0x230
[  128.418329][ T2757]  should_failslab+0x9/0x20
[  128.422668][ T2757]  slab_pre_alloc_hook+0x37/0xd0
[  128.427444][ T2757]  ? vm_area_dup+0x26/0x230
[  128.431781][ T2757]  kmem_cache_alloc+0x44/0x200
[  128.436383][ T2757]  vm_area_dup+0x26/0x230
[  128.440550][ T2757]  copy_mm+0x9a1/0x13e0
[  128.444542][ T2757]  ? copy_signal+0x610/0x610
[  128.448964][ T2757]  ? __init_rwsem+0xd6/0x1c0
[  128.453401][ T2757]  ? copy_signal+0x4e3/0x610
[  128.457824][ T2757]  copy_process+0x1149/0x3290
[  128.462339][ T2757]  ? proc_fail_nth_write+0x20b/0x290
[  128.467453][ T2757]  ? fsnotify_perm+0x6a/0x5d0
[  128.471965][ T2757]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  128.476911][ T2757]  ? vfs_write+0x9ec/0x1110
[  128.481254][ T2757]  kernel_clone+0x21e/0x9e0
[  128.485591][ T2757]  ? file_end_write+0x1c0/0x1c0
[  128.490281][ T2757]  ? create_io_thread+0x1e0/0x1e0
[  128.495135][ T2757]  ? mutex_unlock+0xb2/0x260
[  128.499564][ T2757]  ? __mutex_lock_slowpath+0x10/0x10
[  128.504685][ T2757]  __x64_sys_clone+0x23f/0x290
[  128.509284][ T2757]  ? __do_sys_vfork+0x130/0x130
[  128.513970][ T2757]  ? ksys_write+0x260/0x2c0
[  128.518317][ T2757]  ? debug_smp_processor_id+0x17/0x20
[  128.523517][ T2757]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  128.529420][ T2757]  ? exit_to_user_mode_prepare+0x39/0xa0
[  128.534896][ T2757]  do_syscall_64+0x3d/0xb0
[  128.539143][ T2757]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  128.544876][ T2757] RIP: 0033:0x7f7a0de6fda9
[  128.549125][ T2757] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
21:57:43 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) (async)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000540)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xd, 0x0, 0x1f, 0xfffffffe, 0x0, 0x1, 0xfff, '\x00', 0x0, r3, 0x4, 0x5}, 0x48)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000880), 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0xa, 0x2, &(0x7f0000000100)=@raw=[@map_val={0x18, 0x7, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1ff}], &(0x7f00000002c0)='GPL\x00', 0x3, 0xc, &(0x7f0000000380)=""/12, 0x9f71cadf2e2d7e4c, 0x4, '\x00', 0x0, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x10, 0x4, 0x400}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000008c0)=[r4, r5, 0xffffffffffffffff]}, 0x80) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r5, 0x58, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x1a8, 0x2, 0x4, 0x0, r2, 0x8000, '\x00', r6, r3, 0x2, 0x5, 0x5}, 0x48) (async)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180), 0x4)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000240)={0x101, <r8=>0x0}, 0x8) (async)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x7, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf2, 0x0, 0x0, 0x0, 0xffffffff}, [@call={0x85, 0x0, 0x0, 0x40}, @exit, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @alu={0x4, 0x0, 0x4, 0x3, 0x2, 0x0, 0x1}]}, &(0x7f00000002c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x74, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000300)=[r0], &(0x7f0000000340)=[{0x2, 0x4, 0xd, 0xd}, {0x3, 0x1, 0x4, 0x2}, {0x1, 0x4, 0x7, 0x3}, {0x5, 0x3, 0xe, 0x4}, {0x3, 0x2, 0x10, 0x6}, {0x3, 0x2, 0x6, 0x6}, {0x3, 0x5, 0x7, 0xb}], 0x10, 0x2}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x5, &(0x7f0000000000)=@raw=[@map_val={0x18, 0xa, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x200000}, @generic={0x9, 0x1, 0x0, 0xfffd, 0x3f}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x2}], &(0x7f0000000040)='GPL\x00', 0x4, 0x20, &(0x7f0000000100)=""/32, 0x41100, 0x20, '\x00', r6, 0x27, r7, 0x8, &(0x7f00000001c0)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x1, 0xd, 0x7, 0xb99a}, 0x10, r8, r9, 0x0, &(0x7f0000000480)=[r0], 0x0, 0x10, 0x7}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  128.568568][ T2757] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  128.576809][ T2757] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  128.584620][ T2757] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  128.592433][ T2757] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  128.600245][ T2757] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  128.608056][ T2757] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  128.615871][ T2757]  </TASK>
21:57:43 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38)

[  128.620126][ T2758] CPU: 1 PID: 2758 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  128.630209][ T2758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  128.640102][ T2758] Call Trace:
[  128.643225][ T2758]  <TASK>
[  128.646003][ T2758]  dump_stack_lvl+0x151/0x1b7
[  128.650540][ T2758]  ? io_uring_drop_tctx_refs+0x190/0x190
[  128.655978][ T2758]  ? sched_clock+0x9/0x10
[  128.660144][ T2758]  dump_stack+0x15/0x17
[  128.664231][ T2758]  should_fail+0x3c6/0x510
[  128.668482][ T2758]  should_fail_alloc_page+0x5a/0x80
[  128.673509][ T2758]  prepare_alloc_pages+0x15c/0x700
[  128.678460][ T2758]  ? __alloc_pages_bulk+0xe40/0xe40
[  128.683496][ T2758]  __alloc_pages+0x18c/0x8f0
[  128.687916][ T2758]  ? prep_new_page+0x110/0x110
[  128.692522][ T2758]  get_zeroed_page+0x1b/0x40
[  128.696943][ T2758]  __pud_alloc+0x8b/0x260
[  128.701110][ T2758]  ? stack_trace_snprint+0xf0/0xf0
[  128.706054][ T2758]  ? do_handle_mm_fault+0x2330/0x2330
[  128.711264][ T2758]  ? __stack_depot_save+0x34/0x470
[  128.716210][ T2758]  ? anon_vma_clone+0x9a/0x500
[  128.720810][ T2758]  copy_page_range+0x2bcf/0x2f90
[  128.725583][ T2758]  ? __kasan_slab_alloc+0xb1/0xe0
[  128.730442][ T2758]  ? slab_post_alloc_hook+0x53/0x2c0
[  128.735572][ T2758]  ? copy_mm+0xa3a/0x13e0
[  128.739732][ T2758]  ? copy_process+0x1149/0x3290
[  128.744419][ T2758]  ? kernel_clone+0x21e/0x9e0
[  128.749245][ T2758]  ? __x64_sys_clone+0x23f/0x290
[  128.754011][ T2758]  ? do_syscall_64+0x3d/0xb0
[  128.758444][ T2758]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  128.764356][ T2758]  ? pfn_valid+0x1e0/0x1e0
[  128.768593][ T2758]  ? rwsem_write_trylock+0x15b/0x290
[  128.773717][ T2758]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  128.779965][ T2758]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  128.785519][ T2758]  ? __rb_insert_augmented+0x5de/0x610
[  128.790814][ T2758]  copy_mm+0xc7e/0x13e0
[  128.794807][ T2758]  ? copy_signal+0x610/0x610
[  128.799238][ T2758]  ? __init_rwsem+0xd6/0x1c0
[  128.803669][ T2758]  ? copy_signal+0x4e3/0x610
[  128.808090][ T2758]  copy_process+0x1149/0x3290
[  128.812694][ T2758]  ? proc_fail_nth_write+0x20b/0x290
[  128.817814][ T2758]  ? fsnotify_perm+0x6a/0x5d0
[  128.822327][ T2758]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  128.827273][ T2758]  ? vfs_write+0x9ec/0x1110
[  128.831617][ T2758]  kernel_clone+0x21e/0x9e0
[  128.835953][ T2758]  ? file_end_write+0x1c0/0x1c0
[  128.840641][ T2758]  ? create_io_thread+0x1e0/0x1e0
[  128.845497][ T2758]  ? mutex_unlock+0xb2/0x260
[  128.849927][ T2758]  ? __mutex_lock_slowpath+0x10/0x10
[  128.855046][ T2758]  __x64_sys_clone+0x23f/0x290
[  128.859647][ T2758]  ? __do_sys_vfork+0x130/0x130
[  128.864331][ T2758]  ? ksys_write+0x260/0x2c0
[  128.868682][ T2758]  ? debug_smp_processor_id+0x17/0x20
[  128.873879][ T2758]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  128.879779][ T2758]  ? exit_to_user_mode_prepare+0x39/0xa0
[  128.885251][ T2758]  do_syscall_64+0x3d/0xb0
[  128.889503][ T2758]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  128.895232][ T2758] RIP: 0033:0x7faae203fda9
[  128.899497][ T2758] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  128.918926][ T2758] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  128.927170][ T2758] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  128.934979][ T2758] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  128.942792][ T2758] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  128.950606][ T2758] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  128.958417][ T2758] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  128.966229][ T2758]  </TASK>
[  128.971902][ T2764] FAULT_INJECTION: forcing a failure.
[  128.971902][ T2764] name failslab, interval 1, probability 0, space 0, times 0
[  128.992503][ T2764] CPU: 1 PID: 2764 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  129.002584][ T2764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  129.012476][ T2764] Call Trace:
[  129.015599][ T2764]  <TASK>
[  129.018377][ T2764]  dump_stack_lvl+0x151/0x1b7
[  129.022891][ T2764]  ? io_uring_drop_tctx_refs+0x190/0x190
[  129.028363][ T2764]  ? avc_denied+0x1b0/0x1b0
[  129.032702][ T2764]  dump_stack+0x15/0x17
[  129.036692][ T2764]  should_fail+0x3c6/0x510
[  129.040944][ T2764]  __should_failslab+0xa4/0xe0
[  129.045546][ T2764]  ? vm_area_dup+0x26/0x230
[  129.049884][ T2764]  should_failslab+0x9/0x20
[  129.054221][ T2764]  slab_pre_alloc_hook+0x37/0xd0
[  129.058999][ T2764]  ? vm_area_dup+0x26/0x230
[  129.063336][ T2764]  kmem_cache_alloc+0x44/0x200
[  129.067936][ T2764]  vm_area_dup+0x26/0x230
[  129.072102][ T2764]  copy_mm+0x9a1/0x13e0
[  129.076102][ T2764]  ? copy_signal+0x610/0x610
[  129.080521][ T2764]  ? __init_rwsem+0xd6/0x1c0
[  129.084948][ T2764]  ? copy_signal+0x4e3/0x610
[  129.089373][ T2764]  copy_process+0x1149/0x3290
[  129.093887][ T2764]  ? proc_fail_nth_write+0x20b/0x290
[  129.099008][ T2764]  ? fsnotify_perm+0x6a/0x5d0
[  129.103520][ T2764]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  129.108467][ T2764]  ? vfs_write+0x9ec/0x1110
[  129.112807][ T2764]  kernel_clone+0x21e/0x9e0
[  129.117146][ T2764]  ? file_end_write+0x1c0/0x1c0
[  129.121836][ T2764]  ? create_io_thread+0x1e0/0x1e0
[  129.126696][ T2764]  ? mutex_unlock+0xb2/0x260
[  129.131121][ T2764]  ? __mutex_lock_slowpath+0x10/0x10
[  129.136249][ T2764]  __x64_sys_clone+0x23f/0x290
[  129.140931][ T2764]  ? __do_sys_vfork+0x130/0x130
[  129.145623][ T2764]  ? ksys_write+0x260/0x2c0
[  129.149963][ T2764]  ? debug_smp_processor_id+0x17/0x20
[  129.155512][ T2764]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  129.161510][ T2764]  ? exit_to_user_mode_prepare+0x39/0xa0
[  129.166978][ T2764]  do_syscall_64+0x3d/0xb0
[  129.171223][ T2764]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  129.176957][ T2764] RIP: 0033:0x7f7a0de6fda9
[  129.181290][ T2764] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  129.200869][ T2764] RSP: 002b:00007f7a0cbd0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  129.209076][ T2764] RAX: ffffffffffffffda RBX: 00007f7a0df9e050 RCX: 00007f7a0de6fda9
[  129.216884][ T2764] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
21:57:44 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:44 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39)

21:57:44 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 45)

21:57:44 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000540)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xd, 0x0, 0x1f, 0xfffffffe, 0x0, 0x1, 0xfff, '\x00', 0x0, r3, 0x4, 0x5}, 0x48)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000880), 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0xa, 0x2, &(0x7f0000000100)=@raw=[@map_val={0x18, 0x7, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1ff}], &(0x7f00000002c0)='GPL\x00', 0x3, 0xc, &(0x7f0000000380)=""/12, 0x9f71cadf2e2d7e4c, 0x4, '\x00', 0x0, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x10, 0x4, 0x400}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000008c0)=[r4, r5, 0xffffffffffffffff]}, 0x80)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r5, 0x58, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x1a8, 0x2, 0x4, 0x0, r2, 0x8000, '\x00', r6, r3, 0x2, 0x5, 0x5}, 0x48)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180), 0x4)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000240)={0x101, <r8=>0x0}, 0x8)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x7, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf2, 0x0, 0x0, 0x0, 0xffffffff}, [@call={0x85, 0x0, 0x0, 0x40}, @exit, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @alu={0x4, 0x0, 0x4, 0x3, 0x2, 0x0, 0x1}]}, &(0x7f00000002c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x74, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000300)=[r0], &(0x7f0000000340)=[{0x2, 0x4, 0xd, 0xd}, {0x3, 0x1, 0x4, 0x2}, {0x1, 0x4, 0x7, 0x3}, {0x5, 0x3, 0xe, 0x4}, {0x3, 0x2, 0x10, 0x6}, {0x3, 0x2, 0x6, 0x6}, {0x3, 0x5, 0x7, 0xb}], 0x10, 0x2}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x5, &(0x7f0000000000)=@raw=[@map_val={0x18, 0xa, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x200000}, @generic={0x9, 0x1, 0x0, 0xfffd, 0x3f}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x2}], &(0x7f0000000040)='GPL\x00', 0x4, 0x20, &(0x7f0000000100)=""/32, 0x41100, 0x20, '\x00', r6, 0x27, r7, 0x8, &(0x7f00000001c0)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x1, 0xd, 0x7, 0xb99a}, 0x10, r8, r9, 0x0, &(0x7f0000000480)=[r0], 0x0, 0x10, 0x7}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) (async)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000540)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xd, 0x0, 0x1f, 0xfffffffe, 0x0, 0x1, 0xfff, '\x00', 0x0, r3, 0x4, 0x5}, 0x48) (async)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000880), 0x10) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0xa, 0x2, &(0x7f0000000100)=@raw=[@map_val={0x18, 0x7, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1ff}], &(0x7f00000002c0)='GPL\x00', 0x3, 0xc, &(0x7f0000000380)=""/12, 0x9f71cadf2e2d7e4c, 0x4, '\x00', 0x0, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x10, 0x4, 0x400}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000008c0)=[r4, r5, 0xffffffffffffffff]}, 0x80) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r5, 0x58, &(0x7f0000000700)}, 0x10) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x1a8, 0x2, 0x4, 0x0, r2, 0x8000, '\x00', r6, r3, 0x2, 0x5, 0x5}, 0x48) (async)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180), 0x4) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000240)={0x101}, 0x8) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x7, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf2, 0x0, 0x0, 0x0, 0xffffffff}, [@call={0x85, 0x0, 0x0, 0x40}, @exit, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @alu={0x4, 0x0, 0x4, 0x3, 0x2, 0x0, 0x1}]}, &(0x7f00000002c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x74, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000300)=[r0], &(0x7f0000000340)=[{0x2, 0x4, 0xd, 0xd}, {0x3, 0x1, 0x4, 0x2}, {0x1, 0x4, 0x7, 0x3}, {0x5, 0x3, 0xe, 0x4}, {0x3, 0x2, 0x10, 0x6}, {0x3, 0x2, 0x6, 0x6}, {0x3, 0x5, 0x7, 0xb}], 0x10, 0x2}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x5, &(0x7f0000000000)=@raw=[@map_val={0x18, 0xa, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x200000}, @generic={0x9, 0x1, 0x0, 0xfffd, 0x3f}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x2}], &(0x7f0000000040)='GPL\x00', 0x4, 0x20, &(0x7f0000000100)=""/32, 0x41100, 0x20, '\x00', r6, 0x27, r7, 0x8, &(0x7f00000001c0)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x1, 0xd, 0x7, 0xb99a}, 0x10, r8, r9, 0x0, &(0x7f0000000480)=[r0], 0x0, 0x10, 0x7}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)

[  129.224687][ T2764] RBP: 00007f7a0cbd0120 R08: 0000000000000000 R09: 0000000000000000
[  129.232504][ T2764] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  129.240502][ T2764] R13: 000000000000006e R14: 00007f7a0df9e050 R15: 00007fffe93d3338
[  129.248319][ T2764]  </TASK>
21:57:44 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  129.291382][ T2770] FAULT_INJECTION: forcing a failure.
[  129.291382][ T2770] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  129.314502][ T2770] CPU: 0 PID: 2770 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  129.324594][ T2770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  129.334747][ T2770] Call Trace:
[  129.337867][ T2770]  <TASK>
[  129.339652][ T2776] FAULT_INJECTION: forcing a failure.
[  129.339652][ T2776] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  129.340642][ T2770]  dump_stack_lvl+0x151/0x1b7
[  129.358395][ T2770]  ? io_uring_drop_tctx_refs+0x190/0x190
[  129.364158][ T2770]  dump_stack+0x15/0x17
[  129.368662][ T2770]  should_fail+0x3c6/0x510
[  129.372912][ T2770]  should_fail_alloc_page+0x5a/0x80
[  129.378206][ T2770]  prepare_alloc_pages+0x15c/0x700
[  129.383375][ T2770]  ? __alloc_pages_bulk+0xe40/0xe40
[  129.388632][ T2770]  __alloc_pages+0x18c/0x8f0
[  129.393160][ T2770]  ? prep_new_page+0x110/0x110
[  129.397928][ T2770]  get_zeroed_page+0x1b/0x40
[  129.402569][ T2770]  __pud_alloc+0x8b/0x260
[  129.407208][ T2770]  ? stack_trace_snprint+0xf0/0xf0
[  129.412154][ T2770]  ? do_handle_mm_fault+0x2330/0x2330
[  129.417480][ T2770]  ? __stack_depot_save+0x34/0x470
[  129.422536][ T2770]  ? anon_vma_clone+0x9a/0x500
[  129.427739][ T2770]  copy_page_range+0x2bcf/0x2f90
[  129.432639][ T2770]  ? __kasan_slab_alloc+0xb1/0xe0
[  129.437489][ T2770]  ? slab_post_alloc_hook+0x53/0x2c0
[  129.442612][ T2770]  ? copy_mm+0xa3a/0x13e0
[  129.446922][ T2770]  ? copy_process+0x1149/0x3290
[  129.451693][ T2770]  ? kernel_clone+0x21e/0x9e0
[  129.456201][ T2770]  ? __x64_sys_clone+0x23f/0x290
[  129.460978][ T2770]  ? do_syscall_64+0x3d/0xb0
[  129.465820][ T2770]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  129.471734][ T2770]  ? pfn_valid+0x1e0/0x1e0
[  129.476189][ T2770]  ? rwsem_write_trylock+0x15b/0x290
[  129.481571][ T2770]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  129.487956][ T2770]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  129.493492][ T2770]  ? __rb_insert_augmented+0x5de/0x610
[  129.498781][ T2770]  copy_mm+0xc7e/0x13e0
[  129.502783][ T2770]  ? copy_signal+0x610/0x610
[  129.507196][ T2770]  ? __init_rwsem+0xd6/0x1c0
[  129.511722][ T2770]  ? copy_signal+0x4e3/0x610
[  129.516313][ T2770]  copy_process+0x1149/0x3290
[  129.520828][ T2770]  ? proc_fail_nth_write+0x20b/0x290
[  129.525884][ T2770]  ? fsnotify_perm+0x6a/0x5d0
[  129.530398][ T2770]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  129.535344][ T2770]  ? vfs_write+0x9ec/0x1110
[  129.539680][ T2770]  kernel_clone+0x21e/0x9e0
[  129.544017][ T2770]  ? file_end_write+0x1c0/0x1c0
[  129.548708][ T2770]  ? create_io_thread+0x1e0/0x1e0
[  129.553563][ T2770]  ? mutex_unlock+0xb2/0x260
[  129.557993][ T2770]  ? __mutex_lock_slowpath+0x10/0x10
[  129.563114][ T2770]  __x64_sys_clone+0x23f/0x290
[  129.567718][ T2770]  ? __do_sys_vfork+0x130/0x130
[  129.572404][ T2770]  ? ksys_write+0x260/0x2c0
[  129.576757][ T2770]  ? debug_smp_processor_id+0x17/0x20
[  129.581947][ T2770]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  129.587855][ T2770]  ? exit_to_user_mode_prepare+0x39/0xa0
[  129.593317][ T2770]  do_syscall_64+0x3d/0xb0
[  129.597570][ T2770]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  129.603295][ T2770] RIP: 0033:0x7f7a0de6fda9
[  129.607558][ T2770] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  129.626994][ T2770] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  129.635243][ T2770] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  129.643046][ T2770] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  129.650857][ T2770] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  129.658670][ T2770] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  129.666479][ T2770] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  129.674301][ T2770]  </TASK>
[  129.678189][ T2776] CPU: 0 PID: 2776 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  129.688268][ T2776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  129.698161][ T2776] Call Trace:
[  129.701293][ T2776]  <TASK>
[  129.704060][ T2776]  dump_stack_lvl+0x151/0x1b7
[  129.708576][ T2776]  ? io_uring_drop_tctx_refs+0x190/0x190
[  129.714043][ T2776]  dump_stack+0x15/0x17
[  129.718038][ T2776]  should_fail+0x3c6/0x510
[  129.722291][ T2776]  should_fail_alloc_page+0x5a/0x80
[  129.727319][ T2776]  prepare_alloc_pages+0x15c/0x700
[  129.732271][ T2776]  ? __alloc_pages_bulk+0xe40/0xe40
[  129.737307][ T2776]  __alloc_pages+0x18c/0x8f0
[  129.741730][ T2776]  ? prep_new_page+0x110/0x110
[  129.746330][ T2776]  ? __alloc_pages+0x27e/0x8f0
[  129.750930][ T2776]  ? __kasan_check_write+0x14/0x20
[  129.755870][ T2776]  ? _raw_spin_lock+0xa4/0x1b0
[  129.760480][ T2776]  pte_alloc_one+0x73/0x1b0
[  129.764830][ T2776]  ? pfn_modify_allowed+0x2f0/0x2f0
[  129.769848][ T2776]  ? __pmd_alloc+0x48d/0x550
[  129.774270][ T2776]  __pte_alloc+0x86/0x350
[  129.778439][ T2776]  ? __pud_alloc+0x260/0x260
[  129.782864][ T2776]  ? __pud_alloc+0x213/0x260
[  129.787296][ T2776]  ? free_pgtables+0x280/0x280
[  129.791889][ T2776]  ? do_handle_mm_fault+0x2330/0x2330
[  129.797098][ T2776]  ? __stack_depot_save+0x34/0x470
[  129.802044][ T2776]  ? anon_vma_clone+0x9a/0x500
[  129.806649][ T2776]  copy_page_range+0x28a8/0x2f90
[  129.811419][ T2776]  ? __kasan_slab_alloc+0xb1/0xe0
[  129.816291][ T2776]  ? slab_post_alloc_hook+0x53/0x2c0
[  129.821401][ T2776]  ? kernel_clone+0x21e/0x9e0
[  129.825912][ T2776]  ? do_syscall_64+0x3d/0xb0
[  129.830341][ T2776]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  129.836249][ T2776]  ? pfn_valid+0x1e0/0x1e0
[  129.840492][ T2776]  ? rwsem_write_trylock+0x15b/0x290
[  129.845614][ T2776]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  129.851865][ T2776]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  129.857422][ T2776]  ? __rb_insert_augmented+0x5de/0x610
[  129.862714][ T2776]  copy_mm+0xc7e/0x13e0
[  129.866721][ T2776]  ? copy_signal+0x610/0x610
[  129.871134][ T2776]  ? __init_rwsem+0xd6/0x1c0
[  129.875558][ T2776]  ? copy_signal+0x4e3/0x610
[  129.879999][ T2776]  copy_process+0x1149/0x3290
[  129.884501][ T2776]  ? proc_fail_nth_write+0x20b/0x290
[  129.889619][ T2776]  ? fsnotify_perm+0x6a/0x5d0
[  129.894132][ T2776]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  129.899079][ T2776]  ? vfs_write+0x9ec/0x1110
[  129.903421][ T2776]  kernel_clone+0x21e/0x9e0
[  129.907758][ T2776]  ? file_end_write+0x1c0/0x1c0
[  129.912447][ T2776]  ? create_io_thread+0x1e0/0x1e0
[  129.917307][ T2776]  ? mutex_unlock+0xb2/0x260
[  129.921732][ T2776]  ? __mutex_lock_slowpath+0x10/0x10
[  129.926853][ T2776]  __x64_sys_clone+0x23f/0x290
[  129.931454][ T2776]  ? __do_sys_vfork+0x130/0x130
[  129.936137][ T2776]  ? ksys_write+0x260/0x2c0
[  129.940483][ T2776]  ? debug_smp_processor_id+0x17/0x20
[  129.945687][ T2776]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  129.951589][ T2776]  ? exit_to_user_mode_prepare+0x39/0xa0
[  129.957058][ T2776]  do_syscall_64+0x3d/0xb0
[  129.961312][ T2776]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  129.967038][ T2776] RIP: 0033:0x7faae203fda9
[  129.971296][ T2776] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
21:57:44 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)={0x1b, 0x0, 0x0, 0x3a3, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={r0, 0x58, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
r3 = getpid()
r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x7a05, 0x1700)
perf_event_open(&(0x7f00000006c0)={0x4, 0x80, 0xff, 0x35, 0xc8, 0xc1, 0x0, 0x4846, 0x800, 0x8, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x7, 0x3, @perf_config_ext={0x1, 0x7}, 0x4, 0x100000000, 0x0, 0x7, 0x3, 0x4, 0xb639, 0x0, 0x80, 0x0, 0x6}, 0x0, 0xb, r4, 0x0)
write$cgroup_type(r4, 0x0, 0x0)
perf_event_open(&(0x7f00000007c0)={0x4, 0x80, 0x9, 0x5, 0x0, 0x2, 0x0, 0x0, 0xa1310, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000680)}, 0x80, 0x36eafc62, 0x0, 0x1, 0x2, 0x7, 0x9, 0x0, 0x0, 0x0, 0x81}, r3, 0xf, r4, 0x0)
openat$cgroup_ro(r4, &(0x7f00000003c0)='blkio.throttle.io_serviced\x00', 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{0xffffffffffffffff, <r5=>0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f0000000500)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x17, 0x20, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xcb5c}, [@printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x200}}, @map_fd={0x18, 0x8, 0x1, 0x0, r0}, @map_val={0x18, 0x7, 0x2, 0x0, r0}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @call={0x85, 0x0, 0x0, 0x17}, @exit, @map_val={0x18, 0x6, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x9}]}, &(0x7f0000000100)='syzkaller\x00', 0xfff, 0xf2, &(0x7f0000000280)=""/242, 0x41000, 0x48, '\x00', r2, 0x9, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000000480)={0x5, 0x7, 0x45019d2e, 0x2}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, &(0x7f0000000580)=[r0, r4, r0, r0, r0, r5, r0, r0, r0, r0], &(0x7f00000005c0)=[{0x2, 0x3, 0xa, 0x7}], 0x10, 0x4909000}, 0x90)

21:57:44 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 46)

[  129.990735][ T2776] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  129.998979][ T2776] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  130.006790][ T2776] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  130.014599][ T2776] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  130.022411][ T2776] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  130.030229][ T2776] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  130.038036][ T2776]  </TASK>
[  130.074488][ T2801] FAULT_INJECTION: forcing a failure.
[  130.074488][ T2801] name failslab, interval 1, probability 0, space 0, times 0
[  130.087064][ T2801] CPU: 1 PID: 2801 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  130.097144][ T2801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  130.107029][ T2801] Call Trace:
[  130.110151][ T2801]  <TASK>
[  130.112928][ T2801]  dump_stack_lvl+0x151/0x1b7
[  130.117442][ T2801]  ? io_uring_drop_tctx_refs+0x190/0x190
[  130.122907][ T2801]  dump_stack+0x15/0x17
[  130.126900][ T2801]  should_fail+0x3c6/0x510
[  130.131153][ T2801]  __should_failslab+0xa4/0xe0
[  130.135760][ T2801]  ? vm_area_dup+0x26/0x230
[  130.140091][ T2801]  should_failslab+0x9/0x20
[  130.144431][ T2801]  slab_pre_alloc_hook+0x37/0xd0
[  130.149219][ T2801]  ? vm_area_dup+0x26/0x230
[  130.153560][ T2801]  kmem_cache_alloc+0x44/0x200
[  130.158147][ T2801]  vm_area_dup+0x26/0x230
[  130.162311][ T2801]  copy_mm+0x9a1/0x13e0
[  130.166316][ T2801]  ? copy_signal+0x610/0x610
[  130.170731][ T2801]  ? __init_rwsem+0xd6/0x1c0
[  130.175168][ T2801]  ? copy_signal+0x4e3/0x610
[  130.179595][ T2801]  copy_process+0x1149/0x3290
[  130.184099][ T2801]  ? proc_fail_nth_write+0x20b/0x290
[  130.189217][ T2801]  ? fsnotify_perm+0x6a/0x5d0
[  130.193733][ T2801]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  130.198677][ T2801]  ? vfs_write+0x9ec/0x1110
[  130.203020][ T2801]  kernel_clone+0x21e/0x9e0
[  130.207367][ T2801]  ? file_end_write+0x1c0/0x1c0
[  130.212045][ T2801]  ? create_io_thread+0x1e0/0x1e0
[  130.216903][ T2801]  ? mutex_unlock+0xb2/0x260
[  130.221330][ T2801]  ? __mutex_lock_slowpath+0x10/0x10
[  130.226455][ T2801]  __x64_sys_clone+0x23f/0x290
[  130.231051][ T2801]  ? __do_sys_vfork+0x130/0x130
[  130.235740][ T2801]  ? ksys_write+0x260/0x2c0
[  130.240078][ T2801]  ? debug_smp_processor_id+0x17/0x20
[  130.245286][ T2801]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  130.251189][ T2801]  ? exit_to_user_mode_prepare+0x39/0xa0
[  130.256655][ T2801]  do_syscall_64+0x3d/0xb0
[  130.260909][ T2801]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  130.266638][ T2801] RIP: 0033:0x7faae203fda9
[  130.270892][ T2801] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  130.290330][ T2801] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  130.298576][ T2801] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  130.306392][ T2801] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  130.314196][ T2801] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
21:57:45 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)={0x1b, 0x0, 0x0, 0x3a3, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={r0, 0x58, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10) (async)
r3 = getpid() (async)
r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x7a05, 0x1700)
perf_event_open(&(0x7f00000006c0)={0x4, 0x80, 0xff, 0x35, 0xc8, 0xc1, 0x0, 0x4846, 0x800, 0x8, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x7, 0x3, @perf_config_ext={0x1, 0x7}, 0x4, 0x100000000, 0x0, 0x7, 0x3, 0x4, 0xb639, 0x0, 0x80, 0x0, 0x6}, 0x0, 0xb, r4, 0x0) (async)
write$cgroup_type(r4, 0x0, 0x0) (async)
perf_event_open(&(0x7f00000007c0)={0x4, 0x80, 0x9, 0x5, 0x0, 0x2, 0x0, 0x0, 0xa1310, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000680)}, 0x80, 0x36eafc62, 0x0, 0x1, 0x2, 0x7, 0x9, 0x0, 0x0, 0x0, 0x81}, r3, 0xf, r4, 0x0) (async)
openat$cgroup_ro(r4, &(0x7f00000003c0)='blkio.throttle.io_serviced\x00', 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{0xffffffffffffffff, <r5=>0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f0000000500)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x17, 0x20, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xcb5c}, [@printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x200}}, @map_fd={0x18, 0x8, 0x1, 0x0, r0}, @map_val={0x18, 0x7, 0x2, 0x0, r0}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @call={0x85, 0x0, 0x0, 0x17}, @exit, @map_val={0x18, 0x6, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x9}]}, &(0x7f0000000100)='syzkaller\x00', 0xfff, 0xf2, &(0x7f0000000280)=""/242, 0x41000, 0x48, '\x00', r2, 0x9, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000000480)={0x5, 0x7, 0x45019d2e, 0x2}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, &(0x7f0000000580)=[r0, r4, r0, r0, r0, r5, r0, r0, r0, r0], &(0x7f00000005c0)=[{0x2, 0x3, 0xa, 0x7}], 0x10, 0x4909000}, 0x90)

21:57:45 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40)

21:57:45 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:45 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 47)

[  130.322009][ T2801] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  130.329821][ T2801] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  130.337636][ T2801]  </TASK>
21:57:45 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)={0x1b, 0x0, 0x0, 0x3a3, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={r0, 0x58, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10) (async)
r3 = getpid() (async)
r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x7a05, 0x1700)
perf_event_open(&(0x7f00000006c0)={0x4, 0x80, 0xff, 0x35, 0xc8, 0xc1, 0x0, 0x4846, 0x800, 0x8, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x7, 0x3, @perf_config_ext={0x1, 0x7}, 0x4, 0x100000000, 0x0, 0x7, 0x3, 0x4, 0xb639, 0x0, 0x80, 0x0, 0x6}, 0x0, 0xb, r4, 0x0)
write$cgroup_type(r4, 0x0, 0x0) (async)
perf_event_open(&(0x7f00000007c0)={0x4, 0x80, 0x9, 0x5, 0x0, 0x2, 0x0, 0x0, 0xa1310, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000680)}, 0x80, 0x36eafc62, 0x0, 0x1, 0x2, 0x7, 0x9, 0x0, 0x0, 0x0, 0x81}, r3, 0xf, r4, 0x0)
openat$cgroup_ro(r4, &(0x7f00000003c0)='blkio.throttle.io_serviced\x00', 0x0, 0x0) (async, rerun: 64)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{0xffffffffffffffff, <r5=>0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f0000000500)=r1}, 0x20) (rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x17, 0x20, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xcb5c}, [@printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x200}}, @map_fd={0x18, 0x8, 0x1, 0x0, r0}, @map_val={0x18, 0x7, 0x2, 0x0, r0}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @call={0x85, 0x0, 0x0, 0x17}, @exit, @map_val={0x18, 0x6, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x9}]}, &(0x7f0000000100)='syzkaller\x00', 0xfff, 0xf2, &(0x7f0000000280)=""/242, 0x41000, 0x48, '\x00', r2, 0x9, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000000480)={0x5, 0x7, 0x45019d2e, 0x2}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, &(0x7f0000000580)=[r0, r4, r0, r0, r0, r5, r0, r0, r0, r0], &(0x7f00000005c0)=[{0x2, 0x3, 0xa, 0x7}], 0x10, 0x4909000}, 0x90)

[  130.401017][ T2815] FAULT_INJECTION: forcing a failure.
[  130.401017][ T2815] name failslab, interval 1, probability 0, space 0, times 0
[  130.427966][ T2815] CPU: 1 PID: 2815 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  130.438143][ T2815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  130.448040][ T2815] Call Trace:
[  130.451337][ T2815]  <TASK>
[  130.454113][ T2815]  dump_stack_lvl+0x151/0x1b7
[  130.458631][ T2815]  ? io_uring_drop_tctx_refs+0x190/0x190
[  130.464104][ T2815]  dump_stack+0x15/0x17
[  130.468197][ T2815]  should_fail+0x3c6/0x510
[  130.472439][ T2815]  __should_failslab+0xa4/0xe0
[  130.477040][ T2815]  ? vm_area_dup+0x26/0x230
[  130.481380][ T2815]  should_failslab+0x9/0x20
[  130.485730][ T2815]  slab_pre_alloc_hook+0x37/0xd0
[  130.490495][ T2815]  ? vm_area_dup+0x26/0x230
[  130.494831][ T2815]  kmem_cache_alloc+0x44/0x200
[  130.499432][ T2815]  vm_area_dup+0x26/0x230
[  130.503597][ T2815]  copy_mm+0x9a1/0x13e0
[  130.507593][ T2815]  ? copy_signal+0x610/0x610
[  130.512013][ T2815]  ? __init_rwsem+0xd6/0x1c0
[  130.516448][ T2815]  ? copy_signal+0x4e3/0x610
[  130.520865][ T2815]  copy_process+0x1149/0x3290
[  130.525383][ T2815]  ? proc_fail_nth_write+0x20b/0x290
[  130.530504][ T2815]  ? fsnotify_perm+0x6a/0x5d0
[  130.535015][ T2815]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  130.539964][ T2815]  ? vfs_write+0x9ec/0x1110
[  130.544304][ T2815]  kernel_clone+0x21e/0x9e0
[  130.548640][ T2815]  ? file_end_write+0x1c0/0x1c0
[  130.553327][ T2815]  ? create_io_thread+0x1e0/0x1e0
[  130.558185][ T2815]  ? mutex_unlock+0xb2/0x260
[  130.562612][ T2815]  ? __mutex_lock_slowpath+0x10/0x10
[  130.567736][ T2815]  __x64_sys_clone+0x23f/0x290
[  130.572333][ T2815]  ? __do_sys_vfork+0x130/0x130
[  130.577018][ T2815]  ? ksys_write+0x260/0x2c0
[  130.581362][ T2815]  ? debug_smp_processor_id+0x17/0x20
[  130.586565][ T2815]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  130.592472][ T2815]  ? exit_to_user_mode_prepare+0x39/0xa0
[  130.597940][ T2815]  do_syscall_64+0x3d/0xb0
[  130.602193][ T2815]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  130.607917][ T2815] RIP: 0033:0x7faae203fda9
[  130.612172][ T2815] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  130.631698][ T2815] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  130.639945][ T2815] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
21:57:45 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 48)

21:57:45 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:45 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[], 0x32600)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000540)={'netdevsim0\x00', 0x800})
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x16, 0x0, 0x100007, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x6, 0x9, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000060000000000000007000000184b0000fbffffff000000000000000018110000", @ANYRES32=r3], 0x0, 0x5, 0x46, &(0x7f0000000100)=""/70, 0x40f00, 0x22, '\x00', 0x0, 0x2c, r3, 0x8, &(0x7f0000000600)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x1, 0x1, 0x9, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x4, &(0x7f0000000b80)=[r2, r4, r4, r4], &(0x7f0000000bc0)=[{0x1, 0x3, 0x3, 0x6}, {0x4, 0x3, 0x5, 0x3}, {0x3, 0x1, 0xa, 0xb5e542411a920478}, {0x1, 0x4, 0xe, 0x3}], 0x10, 0x8}, 0x90)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x660c, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0x1, <r5=>0xffffffffffffffff}, 0x4)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r6, &(0x7f0000000000), 0x165243)
r7 = bpf$ITER_CREATE(0x21, &(0x7f00000002c0), 0x8)
r8 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000340), 0x4)
r9 = bpf$ITER_CREATE(0x21, &(0x7f0000000380), 0x8)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r10, &(0x7f0000000000), 0x165243)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x21, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x80000001}, [@ldst={0x1, 0x0, 0x2, 0x4, 0x6, 0x80, 0xfffffffffffffff0}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x10000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r5}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x39}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @jmp={0x5, 0x0, 0x4, 0xb, 0x4, 0xffffffffffffffc0, 0x8}, @alu={0x4, 0x1, 0x8, 0xb, 0x7, 0xffffffffffffffe0, 0x1}]}, &(0x7f0000000040)='GPL\x00', 0x7, 0x2, &(0x7f0000000100)=""/2, 0x41000, 0x2c, '\x00', 0x0, 0x0, r7, 0x8, &(0x7f0000000300)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x1e729, r8, 0x0, &(0x7f00000003c0)=[r9, r10, r1, r1], 0x0, 0x10, 0x4}, 0x90)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r11}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  130.647843][ T2815] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  130.655666][ T2815] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  130.663473][ T2815] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  130.671276][ T2815] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  130.679098][ T2815]  </TASK>
21:57:45 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  130.741247][ T2825] FAULT_INJECTION: forcing a failure.
[  130.741247][ T2825] name failslab, interval 1, probability 0, space 0, times 0
[  130.780224][ T2825] CPU: 1 PID: 2825 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  130.790323][ T2825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  130.800304][ T2825] Call Trace:
[  130.803421][ T2825]  <TASK>
[  130.806294][ T2825]  dump_stack_lvl+0x151/0x1b7
[  130.810803][ T2825]  ? io_uring_drop_tctx_refs+0x190/0x190
[  130.816270][ T2825]  ? avc_denied+0x1b0/0x1b0
[  130.820609][ T2825]  dump_stack+0x15/0x17
[  130.824601][ T2825]  should_fail+0x3c6/0x510
[  130.828856][ T2825]  __should_failslab+0xa4/0xe0
[  130.833463][ T2825]  ? vm_area_dup+0x26/0x230
[  130.837796][ T2825]  should_failslab+0x9/0x20
[  130.842134][ T2825]  slab_pre_alloc_hook+0x37/0xd0
[  130.847012][ T2825]  ? vm_area_dup+0x26/0x230
[  130.851346][ T2825]  kmem_cache_alloc+0x44/0x200
[  130.855948][ T2825]  vm_area_dup+0x26/0x230
[  130.860115][ T2825]  copy_mm+0x9a1/0x13e0
[  130.864112][ T2825]  ? copy_signal+0x610/0x610
[  130.868534][ T2825]  ? __init_rwsem+0xd6/0x1c0
[  130.872960][ T2825]  ? copy_signal+0x4e3/0x610
[  130.877387][ T2825]  copy_process+0x1149/0x3290
[  130.881904][ T2825]  ? proc_fail_nth_write+0x20b/0x290
[  130.887020][ T2825]  ? fsnotify_perm+0x6a/0x5d0
[  130.899084][ T2825]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  130.904029][ T2825]  ? vfs_write+0x9ec/0x1110
[  130.908368][ T2825]  kernel_clone+0x21e/0x9e0
[  130.912820][ T2825]  ? file_end_write+0x1c0/0x1c0
[  130.917597][ T2825]  ? create_io_thread+0x1e0/0x1e0
[  130.922453][ T2825]  ? mutex_unlock+0xb2/0x260
[  130.926880][ T2825]  ? __mutex_lock_slowpath+0x10/0x10
[  130.932002][ T2825]  __x64_sys_clone+0x23f/0x290
[  130.936601][ T2825]  ? __do_sys_vfork+0x130/0x130
[  130.941288][ T2825]  ? ksys_write+0x260/0x2c0
[  130.945627][ T2825]  ? debug_smp_processor_id+0x17/0x20
[  130.950837][ T2825]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  130.956739][ T2825]  ? exit_to_user_mode_prepare+0x39/0xa0
[  130.962208][ T2825]  do_syscall_64+0x3d/0xb0
[  130.966458][ T2825]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  130.972184][ T2825] RIP: 0033:0x7faae203fda9
[  130.976439][ T2825] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  130.995879][ T2825] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  131.004125][ T2825] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  131.011935][ T2825] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  131.019750][ T2825] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  131.027561][ T2825] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  131.035369][ T2825] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  131.043185][ T2825]  </TASK>
[  131.050147][ T2817] FAULT_INJECTION: forcing a failure.
[  131.050147][ T2817] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  131.077211][ T2817] CPU: 1 PID: 2817 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  131.087299][ T2817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  131.097200][ T2817] Call Trace:
[  131.100316][ T2817]  <TASK>
[  131.103092][ T2817]  dump_stack_lvl+0x151/0x1b7
[  131.107606][ T2817]  ? io_uring_drop_tctx_refs+0x190/0x190
[  131.113071][ T2817]  dump_stack+0x15/0x17
[  131.117063][ T2817]  should_fail+0x3c6/0x510
[  131.121323][ T2817]  should_fail_alloc_page+0x5a/0x80
[  131.126353][ T2817]  prepare_alloc_pages+0x15c/0x700
[  131.131306][ T2817]  ? __alloc_pages_bulk+0xe40/0xe40
[  131.136335][ T2817]  __alloc_pages+0x18c/0x8f0
[  131.140761][ T2817]  ? prep_new_page+0x110/0x110
[  131.145364][ T2817]  ? __alloc_pages+0x27e/0x8f0
[  131.149961][ T2817]  ? __kasan_check_write+0x14/0x20
[  131.154906][ T2817]  ? _raw_spin_lock+0xa4/0x1b0
[  131.159511][ T2817]  pte_alloc_one+0x73/0x1b0
[  131.163846][ T2817]  ? pfn_modify_allowed+0x2f0/0x2f0
[  131.168884][ T2817]  ? __pmd_alloc+0x48d/0x550
[  131.173307][ T2817]  __pte_alloc+0x86/0x350
[  131.177475][ T2817]  ? __pud_alloc+0x260/0x260
[  131.181902][ T2817]  ? __pud_alloc+0x213/0x260
[  131.186339][ T2817]  ? free_pgtables+0x280/0x280
[  131.190932][ T2817]  ? do_handle_mm_fault+0x2330/0x2330
[  131.196136][ T2817]  ? __stack_depot_save+0x34/0x470
[  131.201076][ T2817]  ? anon_vma_clone+0x9a/0x500
[  131.205677][ T2817]  copy_page_range+0x28a8/0x2f90
[  131.210449][ T2817]  ? __kasan_slab_alloc+0xb1/0xe0
[  131.215313][ T2817]  ? slab_post_alloc_hook+0x53/0x2c0
[  131.220430][ T2817]  ? kernel_clone+0x21e/0x9e0
[  131.224945][ T2817]  ? do_syscall_64+0x3d/0xb0
[  131.229369][ T2817]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  131.235285][ T2817]  ? pfn_valid+0x1e0/0x1e0
[  131.239526][ T2817]  ? rwsem_write_trylock+0x15b/0x290
[  131.244647][ T2817]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  131.250897][ T2817]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  131.256450][ T2817]  ? __rb_insert_augmented+0x5de/0x610
[  131.261751][ T2817]  copy_mm+0xc7e/0x13e0
[  131.265828][ T2817]  ? copy_signal+0x610/0x610
[  131.270255][ T2817]  ? __init_rwsem+0xd6/0x1c0
[  131.274678][ T2817]  ? copy_signal+0x4e3/0x610
[  131.279106][ T2817]  copy_process+0x1149/0x3290
[  131.283621][ T2817]  ? proc_fail_nth_write+0x20b/0x290
[  131.288744][ T2817]  ? fsnotify_perm+0x6a/0x5d0
[  131.293252][ T2817]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  131.298200][ T2817]  ? vfs_write+0x9ec/0x1110
[  131.302538][ T2817]  kernel_clone+0x21e/0x9e0
[  131.306876][ T2817]  ? file_end_write+0x1c0/0x1c0
[  131.311563][ T2817]  ? create_io_thread+0x1e0/0x1e0
[  131.316423][ T2817]  ? mutex_unlock+0xb2/0x260
[  131.320851][ T2817]  ? __mutex_lock_slowpath+0x10/0x10
[  131.325974][ T2817]  __x64_sys_clone+0x23f/0x290
[  131.330571][ T2817]  ? __do_sys_vfork+0x130/0x130
[  131.335258][ T2817]  ? ksys_write+0x260/0x2c0
[  131.339599][ T2817]  ? debug_smp_processor_id+0x17/0x20
[  131.344805][ T2817]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  131.350797][ T2817]  ? exit_to_user_mode_prepare+0x39/0xa0
[  131.356262][ T2817]  do_syscall_64+0x3d/0xb0
[  131.360514][ T2817]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  131.366249][ T2817] RIP: 0033:0x7f7a0de6fda9
[  131.370498][ T2817] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  131.389937][ T2817] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
21:57:45 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:46 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[], 0x32600) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000540)={'netdevsim0\x00', 0x800})
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) (async)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x16, 0x0, 0x100007, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x6, 0x9, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000060000000000000007000000184b0000fbffffff000000000000000018110000", @ANYRES32=r3], 0x0, 0x5, 0x46, &(0x7f0000000100)=""/70, 0x40f00, 0x22, '\x00', 0x0, 0x2c, r3, 0x8, &(0x7f0000000600)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x1, 0x1, 0x9, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x4, &(0x7f0000000b80)=[r2, r4, r4, r4], &(0x7f0000000bc0)=[{0x1, 0x3, 0x3, 0x6}, {0x4, 0x3, 0x5, 0x3}, {0x3, 0x1, 0xa, 0xb5e542411a920478}, {0x1, 0x4, 0xe, 0x3}], 0x10, 0x8}, 0x90) (async)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x660c, 0x0) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0x1, <r5=>0xffffffffffffffff}, 0x4) (async)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r6, &(0x7f0000000000), 0x165243) (async)
r7 = bpf$ITER_CREATE(0x21, &(0x7f00000002c0), 0x8)
r8 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000340), 0x4) (async)
r9 = bpf$ITER_CREATE(0x21, &(0x7f0000000380), 0x8) (async)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r10, &(0x7f0000000000), 0x165243) (async, rerun: 32)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x21, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x80000001}, [@ldst={0x1, 0x0, 0x2, 0x4, 0x6, 0x80, 0xfffffffffffffff0}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x10000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r5}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x39}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @jmp={0x5, 0x0, 0x4, 0xb, 0x4, 0xffffffffffffffc0, 0x8}, @alu={0x4, 0x1, 0x8, 0xb, 0x7, 0xffffffffffffffe0, 0x1}]}, &(0x7f0000000040)='GPL\x00', 0x7, 0x2, &(0x7f0000000100)=""/2, 0x41000, 0x2c, '\x00', 0x0, 0x0, r7, 0x8, &(0x7f0000000300)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x1e729, r8, 0x0, &(0x7f00000003c0)=[r9, r10, r1, r1], 0x0, 0x10, 0x4}, 0x90) (async, rerun: 32)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r11}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:46 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 49)

[  131.398184][ T2817] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  131.405994][ T2817] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  131.413807][ T2817] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  131.421626][ T2817] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  131.429442][ T2817] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  131.437244][ T2817]  </TASK>
[  131.483778][ T2834] FAULT_INJECTION: forcing a failure.
[  131.483778][ T2834] name failslab, interval 1, probability 0, space 0, times 0
[  131.503080][ T2834] CPU: 1 PID: 2834 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  131.513170][ T2834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  131.523062][ T2834] Call Trace:
[  131.526186][ T2834]  <TASK>
[  131.528960][ T2834]  dump_stack_lvl+0x151/0x1b7
[  131.533475][ T2834]  ? io_uring_drop_tctx_refs+0x190/0x190
[  131.538949][ T2834]  dump_stack+0x15/0x17
[  131.542935][ T2834]  should_fail+0x3c6/0x510
[  131.547188][ T2834]  __should_failslab+0xa4/0xe0
[  131.551790][ T2834]  ? vm_area_dup+0x26/0x230
[  131.556130][ T2834]  should_failslab+0x9/0x20
[  131.560468][ T2834]  slab_pre_alloc_hook+0x37/0xd0
[  131.565244][ T2834]  ? vm_area_dup+0x26/0x230
[  131.569579][ T2834]  kmem_cache_alloc+0x44/0x200
[  131.574175][ T2834]  vm_area_dup+0x26/0x230
[  131.578347][ T2834]  copy_mm+0x9a1/0x13e0
[  131.582339][ T2834]  ? copy_signal+0x610/0x610
[  131.586763][ T2834]  ? __init_rwsem+0xd6/0x1c0
[  131.591188][ T2834]  ? copy_signal+0x4e3/0x610
[  131.595617][ T2834]  copy_process+0x1149/0x3290
[  131.600130][ T2834]  ? proc_fail_nth_write+0x20b/0x290
[  131.605248][ T2834]  ? fsnotify_perm+0x6a/0x5d0
[  131.609760][ T2834]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  131.614717][ T2834]  ? vfs_write+0x9ec/0x1110
[  131.619055][ T2834]  kernel_clone+0x21e/0x9e0
[  131.623390][ T2834]  ? file_end_write+0x1c0/0x1c0
[  131.628076][ T2834]  ? create_io_thread+0x1e0/0x1e0
[  131.632933][ T2834]  ? mutex_unlock+0xb2/0x260
[  131.637362][ T2834]  ? __mutex_lock_slowpath+0x10/0x10
[  131.642483][ T2834]  __x64_sys_clone+0x23f/0x290
[  131.647087][ T2834]  ? __do_sys_vfork+0x130/0x130
[  131.651768][ T2834]  ? ksys_write+0x260/0x2c0
[  131.656109][ T2834]  ? debug_smp_processor_id+0x17/0x20
[  131.661316][ T2834]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  131.667218][ T2834]  ? exit_to_user_mode_prepare+0x39/0xa0
[  131.672687][ T2834]  do_syscall_64+0x3d/0xb0
[  131.676938][ T2834]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  131.682668][ T2834] RIP: 0033:0x7faae203fda9
[  131.686920][ T2834] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  131.706361][ T2834] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  131.714606][ T2834] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  131.722416][ T2834] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
21:57:46 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  131.730230][ T2834] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  131.738040][ T2834] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  131.745850][ T2834] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  131.753669][ T2834]  </TASK>
21:57:46 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41)

21:57:46 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  131.873442][ T2849] FAULT_INJECTION: forcing a failure.
[  131.873442][ T2849] name failslab, interval 1, probability 0, space 0, times 0
[  131.895792][ T2849] CPU: 0 PID: 2849 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  131.905880][ T2849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  131.915779][ T2849] Call Trace:
[  131.918900][ T2849]  <TASK>
[  131.921677][ T2849]  dump_stack_lvl+0x151/0x1b7
[  131.926280][ T2849]  ? io_uring_drop_tctx_refs+0x190/0x190
[  131.931748][ T2849]  dump_stack+0x15/0x17
[  131.935734][ T2849]  should_fail+0x3c6/0x510
[  131.939994][ T2849]  __should_failslab+0xa4/0xe0
[  131.944589][ T2849]  ? anon_vma_clone+0x9a/0x500
[  131.949192][ T2849]  should_failslab+0x9/0x20
[  131.953528][ T2849]  slab_pre_alloc_hook+0x37/0xd0
[  131.958307][ T2849]  ? anon_vma_clone+0x9a/0x500
[  131.962900][ T2849]  kmem_cache_alloc+0x44/0x200
[  131.967504][ T2849]  anon_vma_clone+0x9a/0x500
[  131.971930][ T2849]  anon_vma_fork+0x91/0x4e0
[  131.976272][ T2849]  ? anon_vma_name+0x4c/0x70
[  131.980697][ T2849]  ? vm_area_dup+0x17a/0x230
[  131.985121][ T2849]  copy_mm+0xa3a/0x13e0
[  131.989116][ T2849]  ? copy_signal+0x610/0x610
[  131.993538][ T2849]  ? __init_rwsem+0xd6/0x1c0
[  131.997965][ T2849]  ? copy_signal+0x4e3/0x610
[  132.002387][ T2849]  copy_process+0x1149/0x3290
[  132.006902][ T2849]  ? proc_fail_nth_write+0x20b/0x290
[  132.012021][ T2849]  ? fsnotify_perm+0x6a/0x5d0
[  132.016535][ T2849]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  132.021486][ T2849]  ? vfs_write+0x9ec/0x1110
[  132.025826][ T2849]  kernel_clone+0x21e/0x9e0
[  132.030163][ T2849]  ? file_end_write+0x1c0/0x1c0
[  132.034848][ T2849]  ? create_io_thread+0x1e0/0x1e0
[  132.039707][ T2849]  ? mutex_unlock+0xb2/0x260
[  132.044134][ T2849]  ? __mutex_lock_slowpath+0x10/0x10
[  132.049258][ T2849]  __x64_sys_clone+0x23f/0x290
[  132.053857][ T2849]  ? __do_sys_vfork+0x130/0x130
[  132.058541][ T2849]  ? ksys_write+0x260/0x2c0
[  132.062882][ T2849]  ? debug_smp_processor_id+0x17/0x20
[  132.068090][ T2849]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  132.073991][ T2849]  ? exit_to_user_mode_prepare+0x39/0xa0
[  132.079459][ T2849]  do_syscall_64+0x3d/0xb0
[  132.083714][ T2849]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  132.089441][ T2849] RIP: 0033:0x7f7a0de6fda9
[  132.093696][ T2849] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  132.113254][ T2849] RSP: 002b:00007f7a0cbd0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
21:57:47 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 50)

[  132.121499][ T2849] RAX: ffffffffffffffda RBX: 00007f7a0df9e050 RCX: 00007f7a0de6fda9
[  132.129545][ T2849] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  132.137355][ T2849] RBP: 00007f7a0cbd0120 R08: 0000000000000000 R09: 0000000000000000
[  132.145167][ T2849] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  132.152978][ T2849] R13: 000000000000006e R14: 00007f7a0df9e050 R15: 00007fffe93d3338
[  132.160793][ T2849]  </TASK>
[  132.185608][ T2854] FAULT_INJECTION: forcing a failure.
[  132.185608][ T2854] name failslab, interval 1, probability 0, space 0, times 0
[  132.205502][ T2854] CPU: 0 PID: 2854 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  132.215585][ T2854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  132.225479][ T2854] Call Trace:
[  132.228602][ T2854]  <TASK>
[  132.231382][ T2854]  dump_stack_lvl+0x151/0x1b7
[  132.235892][ T2854]  ? io_uring_drop_tctx_refs+0x190/0x190
[  132.241365][ T2854]  dump_stack+0x15/0x17
[  132.245356][ T2854]  should_fail+0x3c6/0x510
[  132.249611][ T2854]  __should_failslab+0xa4/0xe0
[  132.254208][ T2854]  ? anon_vma_fork+0x1df/0x4e0
[  132.258807][ T2854]  should_failslab+0x9/0x20
[  132.263144][ T2854]  slab_pre_alloc_hook+0x37/0xd0
[  132.267919][ T2854]  ? anon_vma_fork+0x1df/0x4e0
[  132.272524][ T2854]  kmem_cache_alloc+0x44/0x200
[  132.277123][ T2854]  anon_vma_fork+0x1df/0x4e0
[  132.281549][ T2854]  copy_mm+0xa3a/0x13e0
[  132.285541][ T2854]  ? copy_signal+0x610/0x610
[  132.289964][ T2854]  ? __init_rwsem+0xd6/0x1c0
[  132.294391][ T2854]  ? copy_signal+0x4e3/0x610
[  132.298818][ T2854]  copy_process+0x1149/0x3290
[  132.303336][ T2854]  ? proc_fail_nth_write+0x20b/0x290
[  132.308453][ T2854]  ? fsnotify_perm+0x6a/0x5d0
[  132.312968][ T2854]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  132.317910][ T2854]  ? vfs_write+0x9ec/0x1110
[  132.322251][ T2854]  kernel_clone+0x21e/0x9e0
[  132.326593][ T2854]  ? file_end_write+0x1c0/0x1c0
[  132.331274][ T2854]  ? create_io_thread+0x1e0/0x1e0
[  132.336135][ T2854]  ? mutex_unlock+0xb2/0x260
[  132.340566][ T2854]  ? __mutex_lock_slowpath+0x10/0x10
[  132.345682][ T2854]  __x64_sys_clone+0x23f/0x290
[  132.350372][ T2854]  ? __do_sys_vfork+0x130/0x130
[  132.355057][ T2854]  ? ksys_write+0x260/0x2c0
[  132.359414][ T2854]  ? debug_smp_processor_id+0x17/0x20
[  132.364602][ T2854]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  132.370506][ T2854]  ? exit_to_user_mode_prepare+0x39/0xa0
[  132.375972][ T2854]  do_syscall_64+0x3d/0xb0
[  132.380223][ T2854]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  132.385955][ T2854] RIP: 0033:0x7faae203fda9
[  132.390206][ T2854] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  132.409645][ T2854] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  132.417891][ T2854] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  132.425702][ T2854] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
21:57:47 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42)

[  132.433517][ T2854] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  132.441324][ T2854] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  132.449144][ T2854] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  132.456952][ T2854]  </TASK>
[  132.487910][ T2857] FAULT_INJECTION: forcing a failure.
[  132.487910][ T2857] name failslab, interval 1, probability 0, space 0, times 0
[  132.506933][ T2857] CPU: 1 PID: 2857 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  132.517024][ T2857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  132.526911][ T2857] Call Trace:
[  132.530035][ T2857]  <TASK>
[  132.532817][ T2857]  dump_stack_lvl+0x151/0x1b7
[  132.537330][ T2857]  ? io_uring_drop_tctx_refs+0x190/0x190
[  132.542797][ T2857]  dump_stack+0x15/0x17
[  132.546788][ T2857]  should_fail+0x3c6/0x510
[  132.551045][ T2857]  __should_failslab+0xa4/0xe0
[  132.555640][ T2857]  ? anon_vma_fork+0xf7/0x4e0
[  132.560153][ T2857]  should_failslab+0x9/0x20
[  132.564494][ T2857]  slab_pre_alloc_hook+0x37/0xd0
[  132.569266][ T2857]  ? anon_vma_fork+0xf7/0x4e0
[  132.573780][ T2857]  kmem_cache_alloc+0x44/0x200
[  132.578385][ T2857]  anon_vma_fork+0xf7/0x4e0
[  132.582717][ T2857]  ? anon_vma_name+0x4c/0x70
[  132.587147][ T2857]  ? vm_area_dup+0x17a/0x230
[  132.591574][ T2857]  copy_mm+0xa3a/0x13e0
[  132.595569][ T2857]  ? copy_signal+0x610/0x610
[  132.599989][ T2857]  ? __init_rwsem+0xd6/0x1c0
[  132.604415][ T2857]  ? copy_signal+0x4e3/0x610
[  132.608843][ T2857]  copy_process+0x1149/0x3290
[  132.613357][ T2857]  ? proc_fail_nth_write+0x20b/0x290
[  132.618477][ T2857]  ? fsnotify_perm+0x6a/0x5d0
[  132.622992][ T2857]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  132.627943][ T2857]  ? vfs_write+0x9ec/0x1110
[  132.632278][ T2857]  kernel_clone+0x21e/0x9e0
[  132.636632][ T2857]  ? file_end_write+0x1c0/0x1c0
[  132.641304][ T2857]  ? create_io_thread+0x1e0/0x1e0
[  132.646255][ T2857]  ? mutex_unlock+0xb2/0x260
[  132.650681][ T2857]  ? __mutex_lock_slowpath+0x10/0x10
[  132.655799][ T2857]  __x64_sys_clone+0x23f/0x290
[  132.660399][ T2857]  ? __do_sys_vfork+0x130/0x130
[  132.665084][ T2857]  ? ksys_write+0x260/0x2c0
[  132.669427][ T2857]  ? debug_smp_processor_id+0x17/0x20
[  132.674632][ T2857]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  132.680535][ T2857]  ? exit_to_user_mode_prepare+0x39/0xa0
[  132.686008][ T2857]  do_syscall_64+0x3d/0xb0
[  132.690258][ T2857]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  132.695986][ T2857] RIP: 0033:0x7f7a0de6fda9
[  132.700236][ T2857] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  132.719680][ T2857] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  132.727922][ T2857] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
21:57:47 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:47 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[], 0x32600) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000540)={'netdevsim0\x00', 0x800})
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1) (async)
r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) (async)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x16, 0x0, 0x100007, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x6, 0x9, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000060000000000000007000000184b0000fbffffff000000000000000018110000", @ANYRES32=r3], 0x0, 0x5, 0x46, &(0x7f0000000100)=""/70, 0x40f00, 0x22, '\x00', 0x0, 0x2c, r3, 0x8, &(0x7f0000000600)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x1, 0x1, 0x9, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x4, &(0x7f0000000b80)=[r2, r4, r4, r4], &(0x7f0000000bc0)=[{0x1, 0x3, 0x3, 0x6}, {0x4, 0x3, 0x5, 0x3}, {0x3, 0x1, 0xa, 0xb5e542411a920478}, {0x1, 0x4, 0xe, 0x3}], 0x10, 0x8}, 0x90)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x660c, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0x1, <r5=>0xffffffffffffffff}, 0x4)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r6, &(0x7f0000000000), 0x165243) (async)
r7 = bpf$ITER_CREATE(0x21, &(0x7f00000002c0), 0x8) (async)
r8 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000340), 0x4)
r9 = bpf$ITER_CREATE(0x21, &(0x7f0000000380), 0x8)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r10, &(0x7f0000000000), 0x165243)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x21, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x80000001}, [@ldst={0x1, 0x0, 0x2, 0x4, 0x6, 0x80, 0xfffffffffffffff0}, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x10000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r5}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x39}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @jmp={0x5, 0x0, 0x4, 0xb, 0x4, 0xffffffffffffffc0, 0x8}, @alu={0x4, 0x1, 0x8, 0xb, 0x7, 0xffffffffffffffe0, 0x1}]}, &(0x7f0000000040)='GPL\x00', 0x7, 0x2, &(0x7f0000000100)=""/2, 0x41000, 0x2c, '\x00', 0x0, 0x0, r7, 0x8, &(0x7f0000000300)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x1e729, r8, 0x0, &(0x7f00000003c0)=[r9, r10, r1, r1], 0x0, 0x10, 0x4}, 0x90) (async)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r11}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:47 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:47 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 51)

[  132.735734][ T2857] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  132.743544][ T2857] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  132.751355][ T2857] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  132.759167][ T2857] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  132.766986][ T2857]  </TASK>
21:57:47 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  132.861482][ T2862] FAULT_INJECTION: forcing a failure.
[  132.861482][ T2862] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  132.902573][ T2862] CPU: 1 PID: 2862 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  132.912662][ T2862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  132.922554][ T2862] Call Trace:
[  132.925673][ T2862]  <TASK>
[  132.928452][ T2862]  dump_stack_lvl+0x151/0x1b7
[  132.932969][ T2862]  ? io_uring_drop_tctx_refs+0x190/0x190
[  132.938437][ T2862]  dump_stack+0x15/0x17
[  132.942426][ T2862]  should_fail+0x3c6/0x510
[  132.946683][ T2862]  should_fail_alloc_page+0x5a/0x80
[  132.951716][ T2862]  prepare_alloc_pages+0x15c/0x700
[  132.956669][ T2862]  ? __alloc_pages_bulk+0xe40/0xe40
[  132.961698][ T2862]  __alloc_pages+0x18c/0x8f0
[  132.966125][ T2862]  ? prep_new_page+0x110/0x110
[  132.970730][ T2862]  get_zeroed_page+0x1b/0x40
[  132.975150][ T2862]  __pud_alloc+0x8b/0x260
[  132.979314][ T2862]  ? stack_trace_snprint+0xf0/0xf0
[  132.984262][ T2862]  ? do_handle_mm_fault+0x2330/0x2330
[  132.989470][ T2862]  ? __stack_depot_save+0x34/0x470
[  132.994419][ T2862]  ? anon_vma_clone+0x9a/0x500
[  132.999022][ T2862]  copy_page_range+0x2bcf/0x2f90
[  133.003789][ T2862]  ? __kasan_slab_alloc+0xb1/0xe0
[  133.008648][ T2862]  ? slab_post_alloc_hook+0x53/0x2c0
[  133.013771][ T2862]  ? copy_mm+0xa3a/0x13e0
[  133.017939][ T2862]  ? copy_process+0x1149/0x3290
[  133.022621][ T2862]  ? kernel_clone+0x21e/0x9e0
[  133.027136][ T2862]  ? __x64_sys_clone+0x23f/0x290
[  133.031912][ T2862]  ? do_syscall_64+0x3d/0xb0
[  133.036334][ T2862]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  133.042250][ T2862]  ? pfn_valid+0x1e0/0x1e0
[  133.046495][ T2862]  ? rwsem_write_trylock+0x15b/0x290
[  133.051613][ T2862]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  133.057860][ T2862]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  133.063419][ T2862]  ? __rb_insert_augmented+0x5de/0x610
[  133.068720][ T2862]  copy_mm+0xc7e/0x13e0
[  133.072710][ T2862]  ? copy_signal+0x610/0x610
[  133.077129][ T2862]  ? __init_rwsem+0xd6/0x1c0
[  133.081555][ T2862]  ? copy_signal+0x4e3/0x610
[  133.085984][ T2862]  copy_process+0x1149/0x3290
[  133.090492][ T2862]  ? proc_fail_nth_write+0x20b/0x290
[  133.095612][ T2862]  ? fsnotify_perm+0x6a/0x5d0
[  133.100127][ T2862]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  133.105070][ T2862]  ? vfs_write+0x9ec/0x1110
[  133.109413][ T2862]  kernel_clone+0x21e/0x9e0
[  133.113749][ T2862]  ? file_end_write+0x1c0/0x1c0
[  133.118440][ T2862]  ? create_io_thread+0x1e0/0x1e0
[  133.123296][ T2862]  ? mutex_unlock+0xb2/0x260
[  133.127726][ T2862]  ? __mutex_lock_slowpath+0x10/0x10
[  133.132846][ T2862]  __x64_sys_clone+0x23f/0x290
[  133.137446][ T2862]  ? __do_sys_vfork+0x130/0x130
[  133.142131][ T2862]  ? ksys_write+0x260/0x2c0
[  133.146472][ T2862]  ? debug_smp_processor_id+0x17/0x20
[  133.151679][ T2862]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  133.157583][ T2862]  ? exit_to_user_mode_prepare+0x39/0xa0
[  133.163051][ T2862]  do_syscall_64+0x3d/0xb0
[  133.167301][ T2862]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  133.173033][ T2862] RIP: 0033:0x7faae203fda9
[  133.177285][ T2862] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  133.196728][ T2862] RSP: 002b:00007faae0da0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  133.204975][ T2862] RAX: ffffffffffffffda RBX: 00007faae216e050 RCX: 00007faae203fda9
[  133.212784][ T2862] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  133.220591][ T2862] RBP: 00007faae0da0120 R08: 0000000000000000 R09: 0000000000000000
[  133.228407][ T2862] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  133.236214][ T2862] R13: 000000000000006e R14: 00007faae216e050 R15: 00007ffcc786d3b8
[  133.244034][ T2862]  </TASK>
21:57:48 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43)

21:57:48 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:48 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x4, 0xffffffff}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r0, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r1, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0], <r3=>0x0, 0x62, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0xf4, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{0x1, <r4=>0xffffffffffffffff}, &(0x7f0000000680), &(0x7f00000006c0)=r1}, 0x20)
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001240)=r3, 0x4)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
bpf$PROG_LOAD(0x5, &(0x7f0000003200)={0x18, 0x11, &(0x7f0000002ec0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@generic={0xff, 0x2, 0x1, 0x7f}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}}}, &(0x7f0000002f80)='GPL\x00'}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001340)={0x11, 0x9, &(0x7f0000001080)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5}, @cb_func={0x18, 0x8, 0x4, 0x0, 0xfffffffffffffffc}], &(0x7f0000001100)='syzkaller\x00', 0xffffffff, 0xd4, &(0x7f0000001140)=""/212, 0x41000, 0x11, '\x00', r2, 0x0, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001280)={0x2, 0xf, 0x0, 0xffffffff}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000012c0)=[r6, r4], &(0x7f0000001300), 0x10, 0xe8000000}, 0x90)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000e40)=r3, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000fc0)={0x1f, 0xc, &(0x7f0000000cc0)=@raw=[@btf_id={0x18, 0x8, 0x3, 0x0, 0x2}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x9}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x80}}], &(0x7f0000000d40)='GPL\x00', 0xf87f, 0xba, &(0x7f0000000d80)=""/186, 0x41100, 0x26, '\x00', r2, 0x1e, r7, 0x8, &(0x7f0000000e80)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000ec0)={0x4, 0x1, 0x5, 0x8001}, 0x10, r3, r1, 0x6, &(0x7f0000000f00)=[r4, r0, r0, r4, r4, r4, r0], &(0x7f0000000f40)=[{0x3, 0x1, 0xe, 0xc}, {0x2, 0x2, 0xf, 0x1}, {0x0, 0x5, 0x0, 0x4}, {0x3, 0x4, 0x5, 0xb}, {0x1, 0x5, 0x9, 0x2}, {0x1, 0x5, 0x3, 0x2}], 0x10, 0x8}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c00)={0x18, 0x4, &(0x7f00000008c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x200}, [@ldst={0x1, 0x1, 0x0, 0x1, 0xa, 0x40, 0x1}]}, &(0x7f0000000900)='syzkaller\x00', 0x6, 0xb6, &(0x7f0000000a40)=""/182, 0x41100, 0x4, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000980)={0x3, 0x4, 0x0, 0x20}, 0x10, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000bc0)=[{0x1, 0x5, 0x4, 0xc}, {0x3, 0x1, 0x1, 0x5}, {0x4, 0x1, 0x10, 0x2}, {0x5, 0x4, 0x10, 0x42c9f8a0596f268}], 0x10, 0x1}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xd, 0xa, &(0x7f00000001c0)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @cb_func={0x18, 0xb, 0x4, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x1}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x33}, @alu={0x4, 0x1, 0x8, 0x7, 0x2, 0x40, 0xfffffffffffffff0}, @map_val={0x18, 0x61ac296d35ab4b64, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x3}], &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x50, '\x00', r2, 0x36, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x9}, 0x10, r3, r1, 0x7, &(0x7f0000000740)=[r0, r0, r4, r0, 0x1], &(0x7f0000000780)=[{0x4, 0x2, 0xb}, {0x4, 0x5, 0x2, 0x9}, {0x3, 0x2, 0x10, 0x6}, {0x0, 0x1, 0x7, 0xc}, {0x0, 0x1, 0xa, 0x9}, {0x0, 0x3, 0x4, 0x1}, {0x487a, 0x1, 0xb, 0x9}], 0x10, 0x5}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='siox_set_data\x00', r1}, 0x10)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x7fff, <r8=>0x0}, 0x8)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=r8, 0x4)

21:57:48 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 52)

[  133.334259][ T2874] FAULT_INJECTION: forcing a failure.
[  133.334259][ T2874] name failslab, interval 1, probability 0, space 0, times 0
[  133.358047][ T2879] FAULT_INJECTION: forcing a failure.
[  133.358047][ T2879] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  133.386696][ T2874] CPU: 0 PID: 2874 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  133.396776][ T2874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  133.406673][ T2874] Call Trace:
[  133.409800][ T2874]  <TASK>
[  133.412575][ T2874]  dump_stack_lvl+0x151/0x1b7
[  133.417086][ T2874]  ? io_uring_drop_tctx_refs+0x190/0x190
[  133.422558][ T2874]  dump_stack+0x15/0x17
[  133.426546][ T2874]  should_fail+0x3c6/0x510
[  133.430816][ T2874]  __should_failslab+0xa4/0xe0
[  133.435401][ T2874]  ? anon_vma_fork+0x1df/0x4e0
[  133.440001][ T2874]  should_failslab+0x9/0x20
[  133.444338][ T2874]  slab_pre_alloc_hook+0x37/0xd0
[  133.449111][ T2874]  ? anon_vma_fork+0x1df/0x4e0
[  133.453713][ T2874]  kmem_cache_alloc+0x44/0x200
[  133.458318][ T2874]  anon_vma_fork+0x1df/0x4e0
[  133.462745][ T2874]  copy_mm+0xa3a/0x13e0
[  133.466737][ T2874]  ? copy_signal+0x610/0x610
[  133.471156][ T2874]  ? __init_rwsem+0xd6/0x1c0
[  133.475582][ T2874]  ? copy_signal+0x4e3/0x610
[  133.480014][ T2874]  copy_process+0x1149/0x3290
[  133.484527][ T2874]  ? proc_fail_nth_write+0x20b/0x290
[  133.489649][ T2874]  ? fsnotify_perm+0x6a/0x5d0
[  133.494157][ T2874]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  133.499105][ T2874]  ? vfs_write+0x9ec/0x1110
[  133.503452][ T2874]  kernel_clone+0x21e/0x9e0
[  133.507785][ T2874]  ? file_end_write+0x1c0/0x1c0
[  133.512469][ T2874]  ? create_io_thread+0x1e0/0x1e0
[  133.517328][ T2874]  ? mutex_unlock+0xb2/0x260
[  133.521760][ T2874]  ? __mutex_lock_slowpath+0x10/0x10
[  133.526883][ T2874]  __x64_sys_clone+0x23f/0x290
[  133.531476][ T2874]  ? __do_sys_vfork+0x130/0x130
[  133.536164][ T2874]  ? ksys_write+0x260/0x2c0
[  133.540592][ T2874]  ? debug_smp_processor_id+0x17/0x20
[  133.545885][ T2874]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  133.551787][ T2874]  ? exit_to_user_mode_prepare+0x39/0xa0
[  133.557256][ T2874]  do_syscall_64+0x3d/0xb0
[  133.561513][ T2874]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  133.567236][ T2874] RIP: 0033:0x7f7a0de6fda9
[  133.571490][ T2874] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  133.590932][ T2874] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  133.599180][ T2874] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  133.607073][ T2874] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  133.614885][ T2874] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  133.622790][ T2874] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  133.630593][ T2874] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  133.638414][ T2874]  </TASK>
[  133.641274][ T2879] CPU: 1 PID: 2879 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  133.651340][ T2879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  133.661235][ T2879] Call Trace:
[  133.664357][ T2879]  <TASK>
[  133.667140][ T2879]  dump_stack_lvl+0x151/0x1b7
[  133.671648][ T2879]  ? io_uring_drop_tctx_refs+0x190/0x190
[  133.677120][ T2879]  dump_stack+0x15/0x17
[  133.681111][ T2879]  should_fail+0x3c6/0x510
[  133.685364][ T2879]  should_fail_alloc_page+0x5a/0x80
[  133.690397][ T2879]  prepare_alloc_pages+0x15c/0x700
[  133.695351][ T2879]  ? __alloc_pages_bulk+0xe40/0xe40
[  133.700381][ T2879]  __alloc_pages+0x18c/0x8f0
[  133.704808][ T2879]  ? prep_new_page+0x110/0x110
[  133.709400][ T2879]  ? __alloc_pages+0x27e/0x8f0
[  133.714003][ T2879]  ? __kasan_check_write+0x14/0x20
[  133.718946][ T2879]  ? _raw_spin_lock+0xa4/0x1b0
[  133.723547][ T2879]  __pmd_alloc+0xb1/0x550
[  133.727715][ T2879]  ? __pud_alloc+0x260/0x260
[  133.732225][ T2879]  ? __pud_alloc+0x213/0x260
[  133.736772][ T2879]  ? do_handle_mm_fault+0x2330/0x2330
[  133.741947][ T2879]  ? __stack_depot_save+0x34/0x470
[  133.746901][ T2879]  ? anon_vma_clone+0x9a/0x500
[  133.751504][ T2879]  copy_page_range+0x2b3d/0x2f90
[  133.756269][ T2879]  ? __kasan_slab_alloc+0xb1/0xe0
[  133.761127][ T2879]  ? slab_post_alloc_hook+0x53/0x2c0
[  133.766250][ T2879]  ? copy_mm+0xa3a/0x13e0
[  133.770414][ T2879]  ? copy_process+0x1149/0x3290
[  133.775103][ T2879]  ? kernel_clone+0x21e/0x9e0
[  133.779617][ T2879]  ? do_syscall_64+0x3d/0xb0
[  133.784040][ T2879]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  133.789959][ T2879]  ? pfn_valid+0x1e0/0x1e0
[  133.794197][ T2879]  ? rwsem_write_trylock+0x15b/0x290
[  133.799411][ T2879]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  133.805660][ T2879]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  133.811218][ T2879]  ? __rb_insert_augmented+0x5de/0x610
[  133.816512][ T2879]  copy_mm+0xc7e/0x13e0
[  133.820508][ T2879]  ? copy_signal+0x610/0x610
[  133.824938][ T2879]  ? __init_rwsem+0xd6/0x1c0
[  133.829358][ T2879]  ? copy_signal+0x4e3/0x610
[  133.833781][ T2879]  copy_process+0x1149/0x3290
[  133.838298][ T2879]  ? proc_fail_nth_write+0x20b/0x290
[  133.843415][ T2879]  ? fsnotify_perm+0x6a/0x5d0
[  133.847931][ T2879]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  133.852877][ T2879]  ? vfs_write+0x9ec/0x1110
[  133.857217][ T2879]  kernel_clone+0x21e/0x9e0
[  133.861558][ T2879]  ? file_end_write+0x1c0/0x1c0
[  133.866242][ T2879]  ? create_io_thread+0x1e0/0x1e0
[  133.871104][ T2879]  ? mutex_unlock+0xb2/0x260
[  133.875530][ T2879]  ? __mutex_lock_slowpath+0x10/0x10
[  133.880652][ T2879]  __x64_sys_clone+0x23f/0x290
[  133.885252][ T2879]  ? __do_sys_vfork+0x130/0x130
[  133.889937][ T2879]  ? ksys_write+0x260/0x2c0
[  133.894277][ T2879]  ? debug_smp_processor_id+0x17/0x20
[  133.899485][ T2879]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  133.905387][ T2879]  ? exit_to_user_mode_prepare+0x39/0xa0
[  133.910854][ T2879]  do_syscall_64+0x3d/0xb0
[  133.915106][ T2879]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  133.920838][ T2879] RIP: 0033:0x7faae203fda9
[  133.925091][ T2879] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  133.944531][ T2879] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  133.952775][ T2879] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  133.960585][ T2879] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  133.968402][ T2879] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  133.976209][ T2879] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
21:57:48 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 44)

21:57:48 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  133.984020][ T2879] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  133.991837][ T2879]  </TASK>
[  134.018955][ T2885] FAULT_INJECTION: forcing a failure.
[  134.018955][ T2885] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  134.037487][ T2885] CPU: 0 PID: 2885 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  134.047575][ T2885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  134.057472][ T2885] Call Trace:
[  134.060592][ T2885]  <TASK>
[  134.063371][ T2885]  dump_stack_lvl+0x151/0x1b7
21:57:48 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  134.067891][ T2885]  ? io_uring_drop_tctx_refs+0x190/0x190
[  134.073357][ T2885]  dump_stack+0x15/0x17
[  134.077346][ T2885]  should_fail+0x3c6/0x510
[  134.081600][ T2885]  should_fail_alloc_page+0x5a/0x80
[  134.086630][ T2885]  prepare_alloc_pages+0x15c/0x700
[  134.091579][ T2885]  ? __alloc_pages_bulk+0xe40/0xe40
[  134.096619][ T2885]  __alloc_pages+0x18c/0x8f0
[  134.101040][ T2885]  ? prep_new_page+0x110/0x110
[  134.105635][ T2885]  ? __alloc_pages+0x27e/0x8f0
[  134.110241][ T2885]  ? __kasan_check_write+0x14/0x20
[  134.115187][ T2885]  ? _raw_spin_lock+0xa4/0x1b0
[  134.119788][ T2885]  __pmd_alloc+0xb1/0x550
[  134.123949][ T2885]  ? __pud_alloc+0x260/0x260
[  134.128389][ T2885]  ? __pud_alloc+0x213/0x260
[  134.132808][ T2885]  ? do_handle_mm_fault+0x2330/0x2330
[  134.138015][ T2885]  ? __stack_depot_save+0x34/0x470
[  134.142964][ T2885]  ? anon_vma_clone+0x9a/0x500
[  134.147562][ T2885]  copy_page_range+0x2b3d/0x2f90
[  134.152336][ T2885]  ? __kasan_slab_alloc+0xb1/0xe0
[  134.157196][ T2885]  ? slab_post_alloc_hook+0x53/0x2c0
[  134.162324][ T2885]  ? copy_mm+0xa3a/0x13e0
[  134.166496][ T2885]  ? copy_process+0x1149/0x3290
[  134.171167][ T2885]  ? kernel_clone+0x21e/0x9e0
[  134.175679][ T2885]  ? do_syscall_64+0x3d/0xb0
[  134.180109][ T2885]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  134.186022][ T2885]  ? pfn_valid+0x1e0/0x1e0
[  134.190262][ T2885]  ? rwsem_write_trylock+0x15b/0x290
[  134.195383][ T2885]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  134.201633][ T2885]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  134.207273][ T2885]  ? __rb_insert_augmented+0x5de/0x610
[  134.212570][ T2885]  copy_mm+0xc7e/0x13e0
[  134.216567][ T2885]  ? copy_signal+0x610/0x610
[  134.220985][ T2885]  ? __init_rwsem+0xd6/0x1c0
[  134.225413][ T2885]  ? copy_signal+0x4e3/0x610
[  134.229841][ T2885]  copy_process+0x1149/0x3290
[  134.234353][ T2885]  ? proc_fail_nth_write+0x20b/0x290
[  134.239477][ T2885]  ? fsnotify_perm+0x6a/0x5d0
[  134.243987][ T2885]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  134.248937][ T2885]  ? vfs_write+0x9ec/0x1110
[  134.253277][ T2885]  kernel_clone+0x21e/0x9e0
[  134.257611][ T2885]  ? file_end_write+0x1c0/0x1c0
[  134.262302][ T2885]  ? create_io_thread+0x1e0/0x1e0
[  134.267163][ T2885]  ? mutex_unlock+0xb2/0x260
[  134.271590][ T2885]  ? __mutex_lock_slowpath+0x10/0x10
[  134.276707][ T2885]  __x64_sys_clone+0x23f/0x290
[  134.281309][ T2885]  ? __do_sys_vfork+0x130/0x130
[  134.285993][ T2885]  ? ksys_write+0x260/0x2c0
[  134.290340][ T2885]  ? debug_smp_processor_id+0x17/0x20
[  134.295544][ T2885]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  134.301447][ T2885]  ? exit_to_user_mode_prepare+0x39/0xa0
[  134.306912][ T2885]  do_syscall_64+0x3d/0xb0
[  134.311165][ T2885]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  134.316891][ T2885] RIP: 0033:0x7f7a0de6fda9
[  134.321147][ T2885] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  134.340592][ T2885] RSP: 002b:00007f7a0cbf1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  134.348831][ T2885] RAX: ffffffffffffffda RBX: 00007f7a0df9df80 RCX: 00007f7a0de6fda9
[  134.356642][ T2885] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
21:57:49 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 53)

21:57:49 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x4, 0xffffffff}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) (async, rerun: 64)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r0, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10) (async, rerun: 64)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r1, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0], <r3=>0x0, 0x62, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0xf4, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{0x1, <r4=>0xffffffffffffffff}, &(0x7f0000000680), &(0x7f00000006c0)=r1}, 0x20) (async)
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001240)=r3, 0x4) (async)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
bpf$PROG_LOAD(0x5, &(0x7f0000003200)={0x18, 0x11, &(0x7f0000002ec0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@generic={0xff, 0x2, 0x1, 0x7f}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}}}, &(0x7f0000002f80)='GPL\x00'}, 0x90) (async, rerun: 32)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001340)={0x11, 0x9, &(0x7f0000001080)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5}, @cb_func={0x18, 0x8, 0x4, 0x0, 0xfffffffffffffffc}], &(0x7f0000001100)='syzkaller\x00', 0xffffffff, 0xd4, &(0x7f0000001140)=""/212, 0x41000, 0x11, '\x00', r2, 0x0, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001280)={0x2, 0xf, 0x0, 0xffffffff}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000012c0)=[r6, r4], &(0x7f0000001300), 0x10, 0xe8000000}, 0x90) (async, rerun: 32)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000e40)=r3, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000fc0)={0x1f, 0xc, &(0x7f0000000cc0)=@raw=[@btf_id={0x18, 0x8, 0x3, 0x0, 0x2}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x9}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x80}}], &(0x7f0000000d40)='GPL\x00', 0xf87f, 0xba, &(0x7f0000000d80)=""/186, 0x41100, 0x26, '\x00', r2, 0x1e, r7, 0x8, &(0x7f0000000e80)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000ec0)={0x4, 0x1, 0x5, 0x8001}, 0x10, r3, r1, 0x6, &(0x7f0000000f00)=[r4, r0, r0, r4, r4, r4, r0], &(0x7f0000000f40)=[{0x3, 0x1, 0xe, 0xc}, {0x2, 0x2, 0xf, 0x1}, {0x0, 0x5, 0x0, 0x4}, {0x3, 0x4, 0x5, 0xb}, {0x1, 0x5, 0x9, 0x2}, {0x1, 0x5, 0x3, 0x2}], 0x10, 0x8}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c00)={0x18, 0x4, &(0x7f00000008c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x200}, [@ldst={0x1, 0x1, 0x0, 0x1, 0xa, 0x40, 0x1}]}, &(0x7f0000000900)='syzkaller\x00', 0x6, 0xb6, &(0x7f0000000a40)=""/182, 0x41100, 0x4, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000980)={0x3, 0x4, 0x0, 0x20}, 0x10, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000bc0)=[{0x1, 0x5, 0x4, 0xc}, {0x3, 0x1, 0x1, 0x5}, {0x4, 0x1, 0x10, 0x2}, {0x5, 0x4, 0x10, 0x42c9f8a0596f268}], 0x10, 0x1}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xd, 0xa, &(0x7f00000001c0)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @cb_func={0x18, 0xb, 0x4, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x1}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x33}, @alu={0x4, 0x1, 0x8, 0x7, 0x2, 0x40, 0xfffffffffffffff0}, @map_val={0x18, 0x61ac296d35ab4b64, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x3}], &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x50, '\x00', r2, 0x36, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x9}, 0x10, r3, r1, 0x7, &(0x7f0000000740)=[r0, r0, r4, r0, 0x1], &(0x7f0000000780)=[{0x4, 0x2, 0xb}, {0x4, 0x5, 0x2, 0x9}, {0x3, 0x2, 0x10, 0x6}, {0x0, 0x1, 0x7, 0xc}, {0x0, 0x1, 0xa, 0x9}, {0x0, 0x3, 0x4, 0x1}, {0x487a, 0x1, 0xb, 0x9}], 0x10, 0x5}, 0x90) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='siox_set_data\x00', r1}, 0x10) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x7fff, <r8=>0x0}, 0x8)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=r8, 0x4)

[  134.364451][ T2885] RBP: 00007f7a0cbf1120 R08: 0000000000000000 R09: 0000000000000000
[  134.372261][ T2885] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  134.380079][ T2885] R13: 000000000000000b R14: 00007f7a0df9df80 R15: 00007fffe93d3338
[  134.387887][ T2885]  </TASK>
21:57:49 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 45)

[  134.415567][ T2894] FAULT_INJECTION: forcing a failure.
[  134.415567][ T2894] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  134.433237][ T2894] CPU: 0 PID: 2894 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  134.443319][ T2894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  134.453213][ T2894] Call Trace:
[  134.456333][ T2894]  <TASK>
[  134.459107][ T2894]  dump_stack_lvl+0x151/0x1b7
[  134.463655][ T2894]  ? io_uring_drop_tctx_refs+0x190/0x190
[  134.469092][ T2894]  ? kmem_cache_alloc+0x134/0x200
[  134.473952][ T2894]  dump_stack+0x15/0x17
[  134.477944][ T2894]  should_fail+0x3c6/0x510
[  134.482197][ T2894]  should_fail_alloc_page+0x5a/0x80
[  134.487226][ T2894]  prepare_alloc_pages+0x15c/0x700
[  134.492175][ T2894]  ? __alloc_pages_bulk+0xe40/0xe40
[  134.497210][ T2894]  __alloc_pages+0x18c/0x8f0
[  134.501636][ T2894]  ? prep_new_page+0x110/0x110
[  134.506235][ T2894]  ? __alloc_pages+0x27e/0x8f0
[  134.510836][ T2894]  ? __kasan_check_write+0x14/0x20
[  134.515785][ T2894]  ? _raw_spin_lock+0xa4/0x1b0
[  134.520384][ T2894]  __pmd_alloc+0xb1/0x550
[  134.524555][ T2894]  ? __pud_alloc+0x260/0x260
[  134.528978][ T2894]  ? __pud_alloc+0x213/0x260
[  134.533401][ T2894]  ? do_handle_mm_fault+0x2330/0x2330
[  134.538608][ T2894]  ? __stack_depot_save+0x34/0x470
[  134.543565][ T2894]  ? anon_vma_clone+0x9a/0x500
[  134.548156][ T2894]  copy_page_range+0x2b3d/0x2f90
[  134.552930][ T2894]  ? __kasan_slab_alloc+0xb1/0xe0
[  134.557791][ T2894]  ? slab_post_alloc_hook+0x53/0x2c0
[  134.563047][ T2894]  ? copy_mm+0xa3a/0x13e0
[  134.567225][ T2894]  ? copy_process+0x1149/0x3290
[  134.571907][ T2894]  ? kernel_clone+0x21e/0x9e0
[  134.576430][ T2894]  ? do_syscall_64+0x3d/0xb0
[  134.580846][ T2894]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  134.586756][ T2894]  ? pfn_valid+0x1e0/0x1e0
[  134.590998][ T2894]  ? rwsem_write_trylock+0x15b/0x290
[  134.596118][ T2894]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  134.602367][ T2894]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  134.607925][ T2894]  ? __rb_insert_augmented+0x5de/0x610
[  134.613218][ T2894]  copy_mm+0xc7e/0x13e0
[  134.617212][ T2894]  ? copy_signal+0x610/0x610
[  134.621763][ T2894]  ? __init_rwsem+0xd6/0x1c0
[  134.626263][ T2894]  ? copy_signal+0x4e3/0x610
[  134.630682][ T2894]  copy_process+0x1149/0x3290
[  134.635199][ T2894]  ? proc_fail_nth_write+0x20b/0x290
[  134.640405][ T2894]  ? fsnotify_perm+0x6a/0x5d0
[  134.644914][ T2894]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  134.649861][ T2894]  ? vfs_write+0x9ec/0x1110
[  134.654201][ T2894]  kernel_clone+0x21e/0x9e0
[  134.658540][ T2894]  ? file_end_write+0x1c0/0x1c0
[  134.663226][ T2894]  ? create_io_thread+0x1e0/0x1e0
[  134.668087][ T2894]  ? mutex_unlock+0xb2/0x260
[  134.672514][ T2894]  ? __mutex_lock_slowpath+0x10/0x10
[  134.677636][ T2894]  __x64_sys_clone+0x23f/0x290
[  134.682235][ T2894]  ? __do_sys_vfork+0x130/0x130
[  134.686920][ T2894]  ? ksys_write+0x260/0x2c0
[  134.691271][ T2894]  ? debug_smp_processor_id+0x17/0x20
[  134.696475][ T2894]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  134.702461][ T2894]  ? exit_to_user_mode_prepare+0x39/0xa0
[  134.707929][ T2894]  do_syscall_64+0x3d/0xb0
[  134.712179][ T2894]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  134.717909][ T2894] RIP: 0033:0x7faae203fda9
[  134.722162][ T2894] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  134.741605][ T2894] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  134.749854][ T2894] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  134.757658][ T2894] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
21:57:49 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:49 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 54)

21:57:49 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x4, 0xffffffff}, 0x48) (async)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x4, 0xffffffff}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r0, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r1, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0], 0x0, 0x62, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0xf4, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r1, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0], <r3=>0x0, 0x62, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0xf4, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{0x1, <r4=>0xffffffffffffffff}, &(0x7f0000000680), &(0x7f00000006c0)=r1}, 0x20)
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001240)=r3, 0x4)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
bpf$PROG_LOAD(0x5, &(0x7f0000003200)={0x18, 0x11, &(0x7f0000002ec0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@generic={0xff, 0x2, 0x1, 0x7f}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}}}, &(0x7f0000002f80)='GPL\x00'}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001340)={0x11, 0x9, &(0x7f0000001080)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5}, @cb_func={0x18, 0x8, 0x4, 0x0, 0xfffffffffffffffc}], &(0x7f0000001100)='syzkaller\x00', 0xffffffff, 0xd4, &(0x7f0000001140)=""/212, 0x41000, 0x11, '\x00', r2, 0x0, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001280)={0x2, 0xf, 0x0, 0xffffffff}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000012c0)=[r6, r4], &(0x7f0000001300), 0x10, 0xe8000000}, 0x90)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000e40)=r3, 0x4) (async)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000e40)=r3, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000fc0)={0x1f, 0xc, &(0x7f0000000cc0)=@raw=[@btf_id={0x18, 0x8, 0x3, 0x0, 0x2}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x9}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x80}}], &(0x7f0000000d40)='GPL\x00', 0xf87f, 0xba, &(0x7f0000000d80)=""/186, 0x41100, 0x26, '\x00', r2, 0x1e, r7, 0x8, &(0x7f0000000e80)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000ec0)={0x4, 0x1, 0x5, 0x8001}, 0x10, r3, r1, 0x6, &(0x7f0000000f00)=[r4, r0, r0, r4, r4, r4, r0], &(0x7f0000000f40)=[{0x3, 0x1, 0xe, 0xc}, {0x2, 0x2, 0xf, 0x1}, {0x0, 0x5, 0x0, 0x4}, {0x3, 0x4, 0x5, 0xb}, {0x1, 0x5, 0x9, 0x2}, {0x1, 0x5, 0x3, 0x2}], 0x10, 0x8}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c00)={0x18, 0x4, &(0x7f00000008c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x200}, [@ldst={0x1, 0x1, 0x0, 0x1, 0xa, 0x40, 0x1}]}, &(0x7f0000000900)='syzkaller\x00', 0x6, 0xb6, &(0x7f0000000a40)=""/182, 0x41100, 0x4, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000980)={0x3, 0x4, 0x0, 0x20}, 0x10, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000bc0)=[{0x1, 0x5, 0x4, 0xc}, {0x3, 0x1, 0x1, 0x5}, {0x4, 0x1, 0x10, 0x2}, {0x5, 0x4, 0x10, 0x42c9f8a0596f268}], 0x10, 0x1}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xd, 0xa, &(0x7f00000001c0)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @cb_func={0x18, 0xb, 0x4, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x1}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x33}, @alu={0x4, 0x1, 0x8, 0x7, 0x2, 0x40, 0xfffffffffffffff0}, @map_val={0x18, 0x61ac296d35ab4b64, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x3}], &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x50, '\x00', r2, 0x36, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x9}, 0x10, r3, r1, 0x7, &(0x7f0000000740)=[r0, r0, r4, r0, 0x1], &(0x7f0000000780)=[{0x4, 0x2, 0xb}, {0x4, 0x5, 0x2, 0x9}, {0x3, 0x2, 0x10, 0x6}, {0x0, 0x1, 0x7, 0xc}, {0x0, 0x1, 0xa, 0x9}, {0x0, 0x3, 0x4, 0x1}, {0x487a, 0x1, 0xb, 0x9}], 0x10, 0x5}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xd, 0xa, &(0x7f00000001c0)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @cb_func={0x18, 0xb, 0x4, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x1}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x33}, @alu={0x4, 0x1, 0x8, 0x7, 0x2, 0x40, 0xfffffffffffffff0}, @map_val={0x18, 0x61ac296d35ab4b64, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x3}], &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x50, '\x00', r2, 0x36, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x9}, 0x10, r3, r1, 0x7, &(0x7f0000000740)=[r0, r0, r4, r0, 0x1], &(0x7f0000000780)=[{0x4, 0x2, 0xb}, {0x4, 0x5, 0x2, 0x9}, {0x3, 0x2, 0x10, 0x6}, {0x0, 0x1, 0x7, 0xc}, {0x0, 0x1, 0xa, 0x9}, {0x0, 0x3, 0x4, 0x1}, {0x487a, 0x1, 0xb, 0x9}], 0x10, 0x5}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='siox_set_data\x00', r1}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='siox_set_data\x00', r1}, 0x10)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x7fff}, 0x8) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x7fff, <r8=>0x0}, 0x8)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=r8, 0x4)

[  134.765474][ T2894] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  134.773281][ T2894] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  134.781091][ T2894] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  134.788909][ T2894]  </TASK>
21:57:49 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  134.822609][ T2909] FAULT_INJECTION: forcing a failure.
[  134.822609][ T2909] name failslab, interval 1, probability 0, space 0, times 0
[  134.849623][ T2909] CPU: 1 PID: 2909 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  134.859713][ T2909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  134.869618][ T2909] Call Trace:
21:57:49 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:49 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  134.872729][ T2909]  <TASK>
[  134.875509][ T2909]  dump_stack_lvl+0x151/0x1b7
[  134.880023][ T2909]  ? io_uring_drop_tctx_refs+0x190/0x190
[  134.885491][ T2909]  dump_stack+0x15/0x17
[  134.889478][ T2909]  should_fail+0x3c6/0x510
[  134.893731][ T2909]  __should_failslab+0xa4/0xe0
[  134.898334][ T2909]  ? vm_area_dup+0x26/0x230
[  134.902673][ T2909]  should_failslab+0x9/0x20
[  134.907013][ T2909]  slab_pre_alloc_hook+0x37/0xd0
[  134.911787][ T2909]  ? vm_area_dup+0x26/0x230
[  134.916125][ T2909]  kmem_cache_alloc+0x44/0x200
[  134.920724][ T2909]  vm_area_dup+0x26/0x230
[  134.924893][ T2909]  copy_mm+0x9a1/0x13e0
[  134.928890][ T2909]  ? copy_signal+0x610/0x610
[  134.933313][ T2909]  ? __init_rwsem+0xd6/0x1c0
[  134.937740][ T2909]  ? copy_signal+0x4e3/0x610
[  134.942166][ T2909]  copy_process+0x1149/0x3290
[  134.946679][ T2909]  ? proc_fail_nth_write+0x20b/0x290
[  134.950940][ T2905] FAULT_INJECTION: forcing a failure.
[  134.950940][ T2905] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  134.951798][ T2909]  ? fsnotify_perm+0x6a/0x5d0
[  134.951830][ T2909]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  134.974279][ T2909]  ? vfs_write+0x9ec/0x1110
[  134.978619][ T2909]  kernel_clone+0x21e/0x9e0
[  134.982955][ T2909]  ? file_end_write+0x1c0/0x1c0
[  134.987642][ T2909]  ? create_io_thread+0x1e0/0x1e0
[  134.992512][ T2909]  ? mutex_unlock+0xb2/0x260
[  134.996930][ T2909]  ? __mutex_lock_slowpath+0x10/0x10
[  135.002050][ T2909]  __x64_sys_clone+0x23f/0x290
[  135.006648][ T2909]  ? __do_sys_vfork+0x130/0x130
[  135.011334][ T2909]  ? ksys_write+0x260/0x2c0
[  135.015679][ T2909]  ? debug_smp_processor_id+0x17/0x20
[  135.020883][ T2909]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  135.026784][ T2909]  ? exit_to_user_mode_prepare+0x39/0xa0
[  135.032253][ T2909]  do_syscall_64+0x3d/0xb0
[  135.036503][ T2909]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  135.042233][ T2909] RIP: 0033:0x7faae203fda9
[  135.046485][ T2909] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  135.065932][ T2909] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  135.074170][ T2909] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  135.081981][ T2909] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  135.089795][ T2909] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  135.097604][ T2909] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  135.105415][ T2909] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  135.113237][ T2909]  </TASK>
[  135.131812][ T2905] CPU: 0 PID: 2905 Comm: syz-executor.3 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  135.141899][ T2905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  135.151792][ T2905] Call Trace:
[  135.154913][ T2905]  <TASK>
[  135.157693][ T2905]  dump_stack_lvl+0x151/0x1b7
[  135.162203][ T2905]  ? io_uring_drop_tctx_refs+0x190/0x190
[  135.167673][ T2905]  dump_stack+0x15/0x17
[  135.171662][ T2905]  should_fail+0x3c6/0x510
[  135.175921][ T2905]  should_fail_alloc_page+0x5a/0x80
[  135.180951][ T2905]  prepare_alloc_pages+0x15c/0x700
[  135.185904][ T2905]  ? __alloc_pages_bulk+0xe40/0xe40
[  135.190934][ T2905]  __alloc_pages+0x18c/0x8f0
[  135.195363][ T2905]  ? prep_new_page+0x110/0x110
[  135.199958][ T2905]  ? __alloc_pages+0x27e/0x8f0
[  135.204562][ T2905]  ? __kasan_check_write+0x14/0x20
[  135.209508][ T2905]  ? _raw_spin_lock+0xa4/0x1b0
[  135.214109][ T2905]  __pmd_alloc+0xb1/0x550
[  135.218274][ T2905]  ? __pud_alloc+0x260/0x260
[  135.222699][ T2905]  ? __pud_alloc+0x213/0x260
[  135.227128][ T2905]  ? do_handle_mm_fault+0x2330/0x2330
[  135.232334][ T2905]  ? __stack_depot_save+0x34/0x470
[  135.237280][ T2905]  ? anon_vma_clone+0x9a/0x500
[  135.241890][ T2905]  copy_page_range+0x2b3d/0x2f90
[  135.246655][ T2905]  ? __kasan_slab_alloc+0xb1/0xe0
[  135.251514][ T2905]  ? slab_post_alloc_hook+0x53/0x2c0
[  135.256637][ T2905]  ? copy_mm+0xa3a/0x13e0
[  135.261007][ T2905]  ? copy_process+0x1149/0x3290
[  135.265692][ T2905]  ? kernel_clone+0x21e/0x9e0
[  135.270224][ T2905]  ? do_syscall_64+0x3d/0xb0
[  135.274633][ T2905]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  135.280547][ T2905]  ? pfn_valid+0x1e0/0x1e0
[  135.284787][ T2905]  ? rwsem_write_trylock+0x15b/0x290
[  135.289911][ T2905]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  135.296163][ T2905]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  135.301715][ T2905]  ? __rb_insert_augmented+0x5de/0x610
[  135.307012][ T2905]  copy_mm+0xc7e/0x13e0
[  135.311002][ T2905]  ? copy_signal+0x610/0x610
[  135.315424][ T2905]  ? __init_rwsem+0xd6/0x1c0
[  135.319850][ T2905]  ? copy_signal+0x4e3/0x610
[  135.324280][ T2905]  copy_process+0x1149/0x3290
[  135.328795][ T2905]  ? proc_fail_nth_write+0x20b/0x290
[  135.333912][ T2905]  ? fsnotify_perm+0x6a/0x5d0
[  135.338423][ T2905]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  135.343367][ T2905]  ? vfs_write+0x9ec/0x1110
[  135.347710][ T2905]  kernel_clone+0x21e/0x9e0
[  135.352046][ T2905]  ? file_end_write+0x1c0/0x1c0
[  135.356734][ T2905]  ? create_io_thread+0x1e0/0x1e0
[  135.361592][ T2905]  ? mutex_unlock+0xb2/0x260
[  135.366025][ T2905]  ? __mutex_lock_slowpath+0x10/0x10
[  135.371238][ T2905]  __x64_sys_clone+0x23f/0x290
[  135.375837][ T2905]  ? __do_sys_vfork+0x130/0x130
[  135.380523][ T2905]  ? ksys_write+0x260/0x2c0
[  135.384864][ T2905]  ? debug_smp_processor_id+0x17/0x20
[  135.390072][ T2905]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  135.395972][ T2905]  ? exit_to_user_mode_prepare+0x39/0xa0
[  135.401445][ T2905]  do_syscall_64+0x3d/0xb0
[  135.405694][ T2905]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  135.411421][ T2905] RIP: 0033:0x7f7a0de6fda9
21:57:50 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 55)

[  135.415676][ T2905] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  135.435116][ T2905] RSP: 002b:00007f7a0cbd0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  135.443362][ T2905] RAX: ffffffffffffffda RBX: 00007f7a0df9e050 RCX: 00007f7a0de6fda9
[  135.451173][ T2905] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  135.459070][ T2905] RBP: 00007f7a0cbd0120 R08: 0000000000000000 R09: 0000000000000000
[  135.466881][ T2905] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  135.474692][ T2905] R13: 000000000000006e R14: 00007f7a0df9e050 R15: 00007fffe93d3338
21:57:50 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:50 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  135.482510][ T2905]  </TASK>
[  135.491773][ T2923] FAULT_INJECTION: forcing a failure.
[  135.491773][ T2923] name failslab, interval 1, probability 0, space 0, times 0
[  135.517853][ T2923] CPU: 0 PID: 2923 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  135.527937][ T2923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  135.537837][ T2923] Call Trace:
[  135.540953][ T2923]  <TASK>
[  135.543727][ T2923]  dump_stack_lvl+0x151/0x1b7
[  135.548243][ T2923]  ? io_uring_drop_tctx_refs+0x190/0x190
[  135.553710][ T2923]  dump_stack+0x15/0x17
[  135.557701][ T2923]  should_fail+0x3c6/0x510
[  135.561956][ T2923]  __should_failslab+0xa4/0xe0
[  135.566556][ T2923]  ? vm_area_dup+0x26/0x230
[  135.570896][ T2923]  should_failslab+0x9/0x20
[  135.575235][ T2923]  slab_pre_alloc_hook+0x37/0xd0
[  135.580008][ T2923]  ? vm_area_dup+0x26/0x230
[  135.584350][ T2923]  kmem_cache_alloc+0x44/0x200
[  135.588946][ T2923]  vm_area_dup+0x26/0x230
[  135.593111][ T2923]  copy_mm+0x9a1/0x13e0
[  135.597110][ T2923]  ? copy_signal+0x610/0x610
[  135.601539][ T2923]  ? __init_rwsem+0xd6/0x1c0
[  135.605959][ T2923]  ? copy_signal+0x4e3/0x610
[  135.610385][ T2923]  copy_process+0x1149/0x3290
[  135.614902][ T2923]  ? proc_fail_nth_write+0x20b/0x290
[  135.620020][ T2923]  ? fsnotify_perm+0x6a/0x5d0
[  135.624546][ T2923]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  135.629477][ T2923]  ? vfs_write+0x9ec/0x1110
[  135.633821][ T2923]  kernel_clone+0x21e/0x9e0
[  135.638157][ T2923]  ? file_end_write+0x1c0/0x1c0
[  135.642846][ T2923]  ? create_io_thread+0x1e0/0x1e0
[  135.647810][ T2923]  ? mutex_unlock+0xb2/0x260
[  135.652235][ T2923]  ? __mutex_lock_slowpath+0x10/0x10
[  135.657359][ T2923]  __x64_sys_clone+0x23f/0x290
[  135.661954][ T2923]  ? __do_sys_vfork+0x130/0x130
[  135.666639][ T2923]  ? ksys_write+0x260/0x2c0
[  135.671071][ T2923]  ? debug_smp_processor_id+0x17/0x20
[  135.676272][ T2923]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  135.682174][ T2923]  ? exit_to_user_mode_prepare+0x39/0xa0
[  135.687644][ T2923]  do_syscall_64+0x3d/0xb0
[  135.691895][ T2923]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  135.697623][ T2923] RIP: 0033:0x7faae203fda9
[  135.701879][ T2923] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  135.721320][ T2923] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
21:57:50 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:50 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:50 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  135.729563][ T2923] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  135.737377][ T2923] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  135.745188][ T2923] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  135.753110][ T2923] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  135.760917][ T2923] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  135.768736][ T2923]  </TASK>
21:57:50 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 56)

21:57:50 executing program 0:
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x112, 0x112, 0xc, [@enum={0xb, 0x1, 0x0, 0x6, 0x4, [{0x4, 0x40}]}, @datasec={0x1, 0x8, 0x0, 0xf, 0x2, [{0x2, 0x52, 0x9153}, {0x3, 0x4, 0x75ba99bc}, {0x5, 0xc541, 0x1}, {0x4, 0x3, 0xfffffffa}, {0x2, 0x9}, {0x2, 0x5, 0xfc53}, {0x2, 0x1000, 0x7fffffff}, {0x3, 0x8, 0x5}], "10f0"}, @struct={0x4, 0x2, 0x0, 0x4, 0x1, 0x8000, [{0x0, 0x4, 0x5}, {0xa, 0x0, 0x8}]}, @fwd={0xe}, @union={0x2, 0x3, 0x0, 0x5, 0x0, 0x3ff, [{0x6, 0x1, 0x3}, {0xb, 0x3, 0x2c78}, {0x3ff, 0x3}]}, @fwd={0x3}, @union={0x8, 0x1, 0x0, 0x5, 0x1, 0x3ff, [{0x6, 0x0, 0x5}]}, @fwd={0x3}]}, {0x0, [0x61, 0x0, 0x0, 0x61, 0x2e, 0x5f, 0x5f, 0x5f, 0x5f, 0x0]}}, &(0x7f00000002c0)=""/158, 0x138, 0x9e, 0x1, 0x7}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, r1, 0x0, '\x00', 0x0, r0, 0x2, 0x4, 0x1}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:50 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821102, 0x0, 0x0, 0x0, 0x0, 0x0)

[  135.848248][ T2940] FAULT_INJECTION: forcing a failure.
[  135.848248][ T2940] name failslab, interval 1, probability 0, space 0, times 0
[  135.860880][ T2940] CPU: 0 PID: 2940 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  135.870952][ T2940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  135.880852][ T2940] Call Trace:
[  135.883978][ T2940]  <TASK>
[  135.886746][ T2940]  dump_stack_lvl+0x151/0x1b7
[  135.891263][ T2940]  ? io_uring_drop_tctx_refs+0x190/0x190
[  135.896737][ T2940]  dump_stack+0x15/0x17
[  135.900725][ T2940]  should_fail+0x3c6/0x510
[  135.904974][ T2940]  __should_failslab+0xa4/0xe0
[  135.909573][ T2940]  ? vm_area_dup+0x26/0x230
[  135.913912][ T2940]  should_failslab+0x9/0x20
[  135.918254][ T2940]  slab_pre_alloc_hook+0x37/0xd0
[  135.923025][ T2940]  ? vm_area_dup+0x26/0x230
[  135.927360][ T2940]  kmem_cache_alloc+0x44/0x200
[  135.931962][ T2940]  vm_area_dup+0x26/0x230
[  135.936131][ T2940]  copy_mm+0x9a1/0x13e0
[  135.940127][ T2940]  ? copy_signal+0x610/0x610
[  135.944548][ T2940]  ? __init_rwsem+0xd6/0x1c0
[  135.948974][ T2940]  ? copy_signal+0x4e3/0x610
[  135.953406][ T2940]  copy_process+0x1149/0x3290
[  135.957915][ T2940]  ? proc_fail_nth_write+0x20b/0x290
[  135.963031][ T2940]  ? fsnotify_perm+0x6a/0x5d0
[  135.967549][ T2940]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  135.972492][ T2940]  ? vfs_write+0x9ec/0x1110
[  135.976834][ T2940]  kernel_clone+0x21e/0x9e0
[  135.981172][ T2940]  ? file_end_write+0x1c0/0x1c0
[  135.985858][ T2940]  ? create_io_thread+0x1e0/0x1e0
[  135.990722][ T2940]  ? mutex_unlock+0xb2/0x260
[  135.995144][ T2940]  ? __mutex_lock_slowpath+0x10/0x10
[  136.000267][ T2940]  __x64_sys_clone+0x23f/0x290
[  136.004866][ T2940]  ? __do_sys_vfork+0x130/0x130
[  136.009552][ T2940]  ? ksys_write+0x260/0x2c0
[  136.013893][ T2940]  ? debug_smp_processor_id+0x17/0x20
[  136.019104][ T2940]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  136.025003][ T2940]  ? exit_to_user_mode_prepare+0x39/0xa0
[  136.030477][ T2940]  do_syscall_64+0x3d/0xb0
[  136.034726][ T2940]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  136.040456][ T2940] RIP: 0033:0x7faae203fda9
[  136.044704][ T2940] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  136.064150][ T2940] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  136.072394][ T2940] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  136.080202][ T2940] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  136.088137][ T2940] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
21:57:50 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:50 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 57)

21:57:50 executing program 0:
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x112, 0x112, 0xc, [@enum={0xb, 0x1, 0x0, 0x6, 0x4, [{0x4, 0x40}]}, @datasec={0x1, 0x8, 0x0, 0xf, 0x2, [{0x2, 0x52, 0x9153}, {0x3, 0x4, 0x75ba99bc}, {0x5, 0xc541, 0x1}, {0x4, 0x3, 0xfffffffa}, {0x2, 0x9}, {0x2, 0x5, 0xfc53}, {0x2, 0x1000, 0x7fffffff}, {0x3, 0x8, 0x5}], "10f0"}, @struct={0x4, 0x2, 0x0, 0x4, 0x1, 0x8000, [{0x0, 0x4, 0x5}, {0xa, 0x0, 0x8}]}, @fwd={0xe}, @union={0x2, 0x3, 0x0, 0x5, 0x0, 0x3ff, [{0x6, 0x1, 0x3}, {0xb, 0x3, 0x2c78}, {0x3ff, 0x3}]}, @fwd={0x3}, @union={0x8, 0x1, 0x0, 0x5, 0x1, 0x3ff, [{0x6, 0x0, 0x5}]}, @fwd={0x3}]}, {0x0, [0x61, 0x0, 0x0, 0x61, 0x2e, 0x5f, 0x5f, 0x5f, 0x5f, 0x0]}}, &(0x7f00000002c0)=""/158, 0x138, 0x9e, 0x1, 0x7}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, r1, 0x0, '\x00', 0x0, r0, 0x2, 0x4, 0x1}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x112, 0x112, 0xc, [@enum={0xb, 0x1, 0x0, 0x6, 0x4, [{0x4, 0x40}]}, @datasec={0x1, 0x8, 0x0, 0xf, 0x2, [{0x2, 0x52, 0x9153}, {0x3, 0x4, 0x75ba99bc}, {0x5, 0xc541, 0x1}, {0x4, 0x3, 0xfffffffa}, {0x2, 0x9}, {0x2, 0x5, 0xfc53}, {0x2, 0x1000, 0x7fffffff}, {0x3, 0x8, 0x5}], "10f0"}, @struct={0x4, 0x2, 0x0, 0x4, 0x1, 0x8000, [{0x0, 0x4, 0x5}, {0xa, 0x0, 0x8}]}, @fwd={0xe}, @union={0x2, 0x3, 0x0, 0x5, 0x0, 0x3ff, [{0x6, 0x1, 0x3}, {0xb, 0x3, 0x2c78}, {0x3ff, 0x3}]}, @fwd={0x3}, @union={0x8, 0x1, 0x0, 0x5, 0x1, 0x3ff, [{0x6, 0x0, 0x5}]}, @fwd={0x3}]}, {0x0, [0x61, 0x0, 0x0, 0x61, 0x2e, 0x5f, 0x5f, 0x5f, 0x5f, 0x0]}}, &(0x7f00000002c0)=""/158, 0x138, 0x9e, 0x1, 0x7}, 0x20) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040), 0x4) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, r1, 0x0, '\x00', 0x0, r0, 0x2, 0x4, 0x1}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)

21:57:50 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821107, 0x0, 0x0, 0x0, 0x0, 0x0)

[  136.095948][ T2940] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  136.103942][ T2940] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  136.111750][ T2940]  </TASK>
21:57:51 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  136.179569][ T2949] FAULT_INJECTION: forcing a failure.
[  136.179569][ T2949] name failslab, interval 1, probability 0, space 0, times 0
[  136.206755][ T2949] CPU: 1 PID: 2949 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  136.216848][ T2949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  136.226743][ T2949] Call Trace:
[  136.229864][ T2949]  <TASK>
[  136.232642][ T2949]  dump_stack_lvl+0x151/0x1b7
[  136.237154][ T2949]  ? io_uring_drop_tctx_refs+0x190/0x190
[  136.242629][ T2949]  dump_stack+0x15/0x17
[  136.246617][ T2949]  should_fail+0x3c6/0x510
[  136.250871][ T2949]  __should_failslab+0xa4/0xe0
[  136.255465][ T2949]  ? vm_area_dup+0x26/0x230
[  136.259805][ T2949]  should_failslab+0x9/0x20
[  136.264143][ T2949]  slab_pre_alloc_hook+0x37/0xd0
[  136.268920][ T2949]  ? vm_area_dup+0x26/0x230
[  136.273257][ T2949]  kmem_cache_alloc+0x44/0x200
[  136.277858][ T2949]  vm_area_dup+0x26/0x230
[  136.282024][ T2949]  copy_mm+0x9a1/0x13e0
[  136.286018][ T2949]  ? copy_signal+0x610/0x610
[  136.290441][ T2949]  ? __init_rwsem+0xd6/0x1c0
[  136.294867][ T2949]  ? copy_signal+0x4e3/0x610
[  136.299295][ T2949]  copy_process+0x1149/0x3290
[  136.303811][ T2949]  ? proc_fail_nth_write+0x20b/0x290
[  136.308928][ T2949]  ? fsnotify_perm+0x6a/0x5d0
[  136.313444][ T2949]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  136.318388][ T2949]  ? vfs_write+0x9ec/0x1110
[  136.322734][ T2949]  kernel_clone+0x21e/0x9e0
[  136.327070][ T2949]  ? file_end_write+0x1c0/0x1c0
[  136.331758][ T2949]  ? create_io_thread+0x1e0/0x1e0
[  136.336614][ T2949]  ? mutex_unlock+0xb2/0x260
[  136.341043][ T2949]  ? __mutex_lock_slowpath+0x10/0x10
[  136.346164][ T2949]  __x64_sys_clone+0x23f/0x290
[  136.350768][ T2949]  ? __do_sys_vfork+0x130/0x130
[  136.355448][ T2949]  ? ksys_write+0x260/0x2c0
[  136.359816][ T2949]  ? debug_smp_processor_id+0x17/0x20
[  136.365007][ T2949]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  136.370901][ T2949]  ? exit_to_user_mode_prepare+0x39/0xa0
[  136.376366][ T2949]  do_syscall_64+0x3d/0xb0
[  136.380621][ T2949]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  136.386352][ T2949] RIP: 0033:0x7faae203fda9
[  136.390618][ T2949] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  136.410046][ T2949] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  136.418287][ T2949] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
21:57:51 executing program 0:
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x112, 0x112, 0xc, [@enum={0xb, 0x1, 0x0, 0x6, 0x4, [{0x4, 0x40}]}, @datasec={0x1, 0x8, 0x0, 0xf, 0x2, [{0x2, 0x52, 0x9153}, {0x3, 0x4, 0x75ba99bc}, {0x5, 0xc541, 0x1}, {0x4, 0x3, 0xfffffffa}, {0x2, 0x9}, {0x2, 0x5, 0xfc53}, {0x2, 0x1000, 0x7fffffff}, {0x3, 0x8, 0x5}], "10f0"}, @struct={0x4, 0x2, 0x0, 0x4, 0x1, 0x8000, [{0x0, 0x4, 0x5}, {0xa, 0x0, 0x8}]}, @fwd={0xe}, @union={0x2, 0x3, 0x0, 0x5, 0x0, 0x3ff, [{0x6, 0x1, 0x3}, {0xb, 0x3, 0x2c78}, {0x3ff, 0x3}]}, @fwd={0x3}, @union={0x8, 0x1, 0x0, 0x5, 0x1, 0x3ff, [{0x6, 0x0, 0x5}]}, @fwd={0x3}]}, {0x0, [0x61, 0x0, 0x0, 0x61, 0x2e, 0x5f, 0x5f, 0x5f, 0x5f, 0x0]}}, &(0x7f00000002c0)=""/158, 0x138, 0x9e, 0x1, 0x7}, 0x20) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, r1, 0x0, '\x00', 0x0, r0, 0x2, 0x4, 0x1}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:51 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 58)

21:57:51 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  136.426100][ T2949] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  136.433909][ T2949] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  136.441725][ T2949] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  136.449532][ T2949] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  136.457438][ T2949]  </TASK>
[  136.517893][ T2964] FAULT_INJECTION: forcing a failure.
[  136.517893][ T2964] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  136.534582][ T2964] CPU: 1 PID: 2964 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  136.544849][ T2964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  136.554737][ T2964] Call Trace:
[  136.557854][ T2964]  <TASK>
[  136.560630][ T2964]  dump_stack_lvl+0x151/0x1b7
21:57:51 executing program 0:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000100)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x10001, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x5}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000f40)={0xffffffffffffffff, 0xe0, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000bc0)=[0x0], ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000c00)=[0x0], &(0x7f0000000c40)=[0x0, 0x0], 0x0, 0xc7, &(0x7f0000000c80)=[{}], 0x8, 0x10, &(0x7f0000000cc0), &(0x7f0000000d40), 0x8, 0x87, 0x8, 0x8, &(0x7f0000000e00)}}, 0x10)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000f80)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xffffff7f, '\x00', r1, 0xffffffffffffffff, 0x4, 0x1, 0x2}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f0000000180)=[0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0], <r4=>0x0, 0x9e, &(0x7f0000000200)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0x53, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)={0x1b, 0x0, 0x0, 0x40000, 0x0, r0, 0x0, '\x00', r3, 0x0}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='ext4_update_sb\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000012416ca50100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d0000ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x862a, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x3}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0x58, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r9=>0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r7, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, &(0x7f0000000680)=[0x0], &(0x7f00000006c0)=[0x0, 0x0, 0x0], <r10=>0x0, 0x63, &(0x7f0000000700)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f00000007c0), &(0x7f0000000800), 0x8, 0xd1, 0x8, 0x8, &(0x7f0000000840)}}, 0x10)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xa, 0x10, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8e7, 0x0, 0x0, 0x0, 0x788}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='syzkaller\x00', 0xffffffff, 0x5c, &(0x7f00000003c0)=""/92, 0x41100, 0x2a, '\x00', r9, 0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, r10, r7, 0x8, &(0x7f0000000a40)=[0x1, r11], &(0x7f0000000a80)=[{0x1, 0x2, 0xc, 0x5}, {0x1, 0x5, 0x5, 0x9}, {0x5, 0x2, 0xc, 0xa}, {0x0, 0x3, 0xd, 0x3}, {0x5, 0x3, 0x3, 0x5}, {0x2, 0x2, 0x3, 0x5}, {0x0, 0x1, 0x3, 0xe}, {0x3, 0x1, 0x6, 0x2}], 0x10, 0xfff}, 0x90)
r12 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000700)={&(0x7f00000005c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x4, [@enum={0x9, 0x1, 0x0, 0x6, 0x4, [{0x5, 0x1}]}, @ptr={0x9, 0x0, 0x0, 0x2, 0x2}, @func={0x3, 0x0, 0x0, 0xc, 0x5}]}, {0x0, [0x30, 0x2e]}}, &(0x7f0000000640)=""/140, 0x48, 0x8c, 0x1, 0x2}, 0x20)
r13 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000800)=@generic={&(0x7f00000007c0)='./file0\x00', 0x0, 0x10}, 0x18)
r14 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r14}, {}, {}, {0x85, 0x0, 0x0, 0xe}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0xa0}}}, &(0x7f0000000d00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r15=>0xffffffffffffffff})
recvmsg$unix(r15, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r16=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r16, 0x0, 0x2000fdef)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x16, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7fffffff}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x200}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x2}, @exit, @btf_id={0x18, 0xd, 0x3, 0x0, 0x5}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000580)='syzkaller\x00', 0x3f, 0x0, 0x0, 0x41100, 0x0, '\x00', r9, 0x2e, r12, 0x8, &(0x7f0000000740)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000780)={0x2, 0xc, 0x2, 0x1ff}, 0x10, 0xffffffffffffffff, r6, 0x8, &(0x7f0000000840)=[r0, r13, r14, r0, r5, r16, r0], &(0x7f0000000880)=[{0x4, 0x2, 0xf, 0x1}, {0x4, 0x4, 0xa, 0xa}, {0x4, 0x5, 0xf}, {0x2, 0x3, 0xa, 0xb}, {0x1, 0x4, 0x5, 0x2}, {0x1, 0x4, 0x7, 0x2}, {0x3, 0x3, 0x4, 0x5}, {0x0, 0x1, 0xe, 0x5}], 0x10, 0x6}, 0x90)
r17 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001040)={0x1b, 0x0, 0x0, 0xfffff37e, 0x0, r2, 0x2, '\x00', r1, r12, 0x1, 0x1, 0x5}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001340)={r16, 0x58, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r18=>0x0}}, 0x10)
r19 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r19, 0x4030582a, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x9, 0x11, &(0x7f00000010c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xaab}, {{0x18, 0x1, 0x1, 0x0, r17}}, {}, [@map_val={0x18, 0xb, 0x2, 0x0, r11, 0x0, 0x0, 0x0, 0xffe00000}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}}}, &(0x7f0000001180)='GPL\x00', 0xfffffe01, 0xd7, &(0x7f00000011c0)=""/215, 0x40f00, 0x0, '\x00', r18, 0x13, r16, 0x8, &(0x7f0000001380)={0x1, 0x3}, 0x8, 0x10, &(0x7f00000013c0)={0x1, 0x6, 0x23, 0xb20}, 0x10, r4, 0xffffffffffffffff, 0x8, &(0x7f0000001400)=[r5, r11, r19, r5, r14, r16, r14, r11, r16], &(0x7f0000001440)=[{0x0, 0x3, 0x3, 0x3}, {0x5, 0x3, 0x4, 0x3}, {0x1, 0x5, 0x7, 0x7}, {0x2, 0x3, 0x8, 0xc}, {0x3, 0x1, 0x6, 0xa}, {0x5, 0x5, 0x10, 0x6}, {0x3, 0x2, 0xf, 0x7}, {0x1, 0x1, 0xb, 0x1}], 0x10, 0x3ff}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001000)={r13}, 0x4)

[  136.565145][ T2964]  ? io_uring_drop_tctx_refs+0x190/0x190
[  136.570614][ T2964]  dump_stack+0x15/0x17
[  136.574604][ T2964]  should_fail+0x3c6/0x510
[  136.578858][ T2964]  should_fail_alloc_page+0x5a/0x80
[  136.583893][ T2964]  prepare_alloc_pages+0x15c/0x700
[  136.588841][ T2964]  ? __alloc_pages+0x8f0/0x8f0
[  136.593442][ T2964]  ? __alloc_pages_bulk+0xe40/0xe40
[  136.598475][ T2964]  __alloc_pages+0x18c/0x8f0
[  136.602899][ T2964]  ? prep_new_page+0x110/0x110
[  136.607682][ T2964]  ? 0xffffffffa00268a0
[  136.611674][ T2964]  ? is_bpf_text_address+0x172/0x190
[  136.616799][ T2964]  pte_alloc_one+0x73/0x1b0
[  136.621128][ T2964]  ? pfn_modify_allowed+0x2f0/0x2f0
[  136.626164][ T2964]  ? arch_stack_walk+0xf3/0x140
[  136.630851][ T2964]  __pte_alloc+0x86/0x350
[  136.635017][ T2964]  ? free_pgtables+0x280/0x280
[  136.639711][ T2964]  ? _raw_spin_lock+0xa4/0x1b0
[  136.644311][ T2964]  ? __kasan_check_write+0x14/0x20
[  136.649260][ T2964]  copy_page_range+0x28a8/0x2f90
[  136.654034][ T2964]  ? __kasan_slab_alloc+0xb1/0xe0
[  136.658902][ T2964]  ? pfn_valid+0x1e0/0x1e0
[  136.663147][ T2964]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  136.668700][ T2964]  ? __rb_insert_augmented+0x5de/0x610
[  136.673995][ T2964]  copy_mm+0xc7e/0x13e0
[  136.677989][ T2964]  ? copy_signal+0x610/0x610
[  136.682413][ T2964]  ? __init_rwsem+0xd6/0x1c0
[  136.686841][ T2964]  ? copy_signal+0x4e3/0x610
[  136.691264][ T2964]  copy_process+0x1149/0x3290
[  136.695780][ T2964]  ? proc_fail_nth_write+0x20b/0x290
[  136.700898][ T2964]  ? fsnotify_perm+0x6a/0x5d0
[  136.705415][ T2964]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  136.710357][ T2964]  ? vfs_write+0x9ec/0x1110
[  136.715742][ T2964]  kernel_clone+0x21e/0x9e0
[  136.720079][ T2964]  ? file_end_write+0x1c0/0x1c0
[  136.725203][ T2964]  ? create_io_thread+0x1e0/0x1e0
[  136.730060][ T2964]  ? mutex_unlock+0xb2/0x260
[  136.734485][ T2964]  ? __mutex_lock_slowpath+0x10/0x10
[  136.739609][ T2964]  __x64_sys_clone+0x23f/0x290
[  136.744208][ T2964]  ? __do_sys_vfork+0x130/0x130
[  136.748896][ T2964]  ? ksys_write+0x260/0x2c0
[  136.753322][ T2964]  ? debug_smp_processor_id+0x17/0x20
[  136.758525][ T2964]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  136.764429][ T2964]  ? exit_to_user_mode_prepare+0x39/0xa0
[  136.769899][ T2964]  do_syscall_64+0x3d/0xb0
[  136.774154][ T2964]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  136.779877][ T2964] RIP: 0033:0x7faae203fda9
[  136.784132][ T2964] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  136.803803][ T2964] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
21:57:51 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:51 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 59)

[  136.812042][ T2964] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  136.819853][ T2964] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  136.827665][ T2964] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  136.835478][ T2964] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  136.843285][ T2964] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  136.851104][ T2964]  </TASK>
21:57:51 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  136.914896][ T2975] FAULT_INJECTION: forcing a failure.
[  136.914896][ T2975] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  136.938604][ T2975] CPU: 0 PID: 2975 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  136.948697][ T2975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  136.958591][ T2975] Call Trace:
[  136.961716][ T2975]  <TASK>
[  136.964491][ T2975]  dump_stack_lvl+0x151/0x1b7
[  136.969006][ T2975]  ? io_uring_drop_tctx_refs+0x190/0x190
[  136.974472][ T2975]  dump_stack+0x15/0x17
[  136.978469][ T2975]  should_fail+0x3c6/0x510
[  136.982714][ T2975]  should_fail_alloc_page+0x5a/0x80
[  136.987743][ T2975]  prepare_alloc_pages+0x15c/0x700
[  136.992693][ T2975]  ? __alloc_pages+0x8f0/0x8f0
[  136.997295][ T2975]  ? __alloc_pages_bulk+0xe40/0xe40
[  137.002327][ T2975]  ? sched_clock+0x9/0x10
[  137.006497][ T2975]  __alloc_pages+0x18c/0x8f0
[  137.010920][ T2975]  ? prep_new_page+0x110/0x110
[  137.015524][ T2975]  ? is_bpf_text_address+0x172/0x190
[  137.020639][ T2975]  pte_alloc_one+0x73/0x1b0
[  137.024977][ T2975]  ? pfn_modify_allowed+0x2f0/0x2f0
[  137.030013][ T2975]  ? arch_stack_walk+0xf3/0x140
[  137.034703][ T2975]  __pte_alloc+0x86/0x350
[  137.038869][ T2975]  ? free_pgtables+0x280/0x280
[  137.043464][ T2975]  ? _raw_spin_lock+0xa4/0x1b0
[  137.048066][ T2975]  ? __kasan_check_write+0x14/0x20
[  137.053012][ T2975]  copy_page_range+0x28a8/0x2f90
[  137.057790][ T2975]  ? __kasan_slab_alloc+0xb1/0xe0
[  137.062653][ T2975]  ? pfn_valid+0x1e0/0x1e0
[  137.066902][ T2975]  ? vma_interval_tree_augment_rotate+0x1a3/0x1d0
[  137.073153][ T2975]  copy_mm+0xc7e/0x13e0
[  137.077147][ T2975]  ? copy_signal+0x610/0x610
[  137.081566][ T2975]  ? __init_rwsem+0xd6/0x1c0
[  137.085997][ T2975]  ? copy_signal+0x4e3/0x610
[  137.090420][ T2975]  copy_process+0x1149/0x3290
[  137.094934][ T2975]  ? proc_fail_nth_write+0x20b/0x290
[  137.100056][ T2975]  ? fsnotify_perm+0x6a/0x5d0
[  137.104567][ T2975]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  137.109513][ T2975]  ? vfs_write+0x9ec/0x1110
[  137.113854][ T2975]  kernel_clone+0x21e/0x9e0
[  137.118193][ T2975]  ? file_end_write+0x1c0/0x1c0
[  137.122881][ T2975]  ? create_io_thread+0x1e0/0x1e0
[  137.127743][ T2975]  ? mutex_unlock+0xb2/0x260
[  137.132166][ T2975]  ? __mutex_lock_slowpath+0x10/0x10
[  137.137291][ T2975]  __x64_sys_clone+0x23f/0x290
[  137.141892][ T2975]  ? __do_sys_vfork+0x130/0x130
[  137.146573][ T2975]  ? ksys_write+0x260/0x2c0
[  137.150916][ T2975]  ? debug_smp_processor_id+0x17/0x20
[  137.156119][ T2975]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  137.162024][ T2975]  ? exit_to_user_mode_prepare+0x39/0xa0
[  137.167492][ T2975]  do_syscall_64+0x3d/0xb0
[  137.171748][ T2975]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  137.177472][ T2975] RIP: 0033:0x7faae203fda9
[  137.181727][ T2975] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  137.201172][ T2975] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
21:57:51 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821108, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:52 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 60)

21:57:52 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821109, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:52 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  137.209412][ T2975] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  137.217224][ T2975] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  137.225033][ T2975] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  137.232845][ T2975] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  137.240662][ T2975] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  137.248475][ T2975]  </TASK>
21:57:52 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:52 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821f00, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:52 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x2, 0x0, 0x0, 0x0)

[  137.328961][ T2984] FAULT_INJECTION: forcing a failure.
[  137.328961][ T2984] name failslab, interval 1, probability 0, space 0, times 0
[  137.349627][ T2984] CPU: 0 PID: 2984 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  137.359708][ T2984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  137.369608][ T2984] Call Trace:
[  137.372726][ T2984]  <TASK>
[  137.375511][ T2984]  dump_stack_lvl+0x151/0x1b7
21:57:52 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  137.380115][ T2984]  ? io_uring_drop_tctx_refs+0x190/0x190
[  137.385587][ T2984]  dump_stack+0x15/0x17
[  137.389576][ T2984]  should_fail+0x3c6/0x510
[  137.393844][ T2984]  __should_failslab+0xa4/0xe0
[  137.398430][ T2984]  ? anon_vma_clone+0x9a/0x500
[  137.403027][ T2984]  should_failslab+0x9/0x20
[  137.407366][ T2984]  slab_pre_alloc_hook+0x37/0xd0
[  137.412139][ T2984]  ? anon_vma_clone+0x9a/0x500
[  137.416742][ T2984]  kmem_cache_alloc+0x44/0x200
[  137.421341][ T2984]  anon_vma_clone+0x9a/0x500
[  137.425774][ T2984]  anon_vma_fork+0x91/0x4e0
[  137.430112][ T2984]  ? anon_vma_name+0x43/0x70
[  137.434537][ T2984]  ? vm_area_dup+0x17a/0x230
[  137.438982][ T2984]  copy_mm+0xa3a/0x13e0
[  137.442960][ T2984]  ? copy_signal+0x610/0x610
[  137.447383][ T2984]  ? __init_rwsem+0xd6/0x1c0
[  137.451815][ T2984]  ? copy_signal+0x4e3/0x610
[  137.456315][ T2984]  copy_process+0x1149/0x3290
[  137.460831][ T2984]  ? proc_fail_nth_write+0x20b/0x290
[  137.465949][ T2984]  ? fsnotify_perm+0x6a/0x5d0
[  137.470463][ T2984]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  137.475408][ T2984]  ? vfs_write+0x9ec/0x1110
[  137.479751][ T2984]  kernel_clone+0x21e/0x9e0
[  137.484087][ T2984]  ? file_end_write+0x1c0/0x1c0
[  137.488775][ T2984]  ? create_io_thread+0x1e0/0x1e0
[  137.493639][ T2984]  ? mutex_unlock+0xb2/0x260
[  137.498062][ T2984]  ? __mutex_lock_slowpath+0x10/0x10
[  137.503186][ T2984]  __x64_sys_clone+0x23f/0x290
[  137.507786][ T2984]  ? __do_sys_vfork+0x130/0x130
[  137.512469][ T2984]  ? ksys_write+0x260/0x2c0
[  137.516811][ T2984]  ? debug_smp_processor_id+0x17/0x20
[  137.522017][ T2984]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  137.527918][ T2984]  ? exit_to_user_mode_prepare+0x39/0xa0
[  137.533387][ T2984]  do_syscall_64+0x3d/0xb0
[  137.537644][ T2984]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  137.543367][ T2984] RIP: 0033:0x7faae203fda9
[  137.547622][ T2984] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  137.567061][ T2984] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
21:57:52 executing program 0:
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000100)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x10001, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x5}, 0x48) (async)
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000100)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x10001, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x5}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000f40)={0xffffffffffffffff, 0xe0, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000bc0)=[0x0], ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000c00)=[0x0], &(0x7f0000000c40)=[0x0, 0x0], 0x0, 0xc7, &(0x7f0000000c80)=[{}], 0x8, 0x10, &(0x7f0000000cc0), &(0x7f0000000d40), 0x8, 0x87, 0x8, 0x8, &(0x7f0000000e00)}}, 0x10)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000f80)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xffffff7f, '\x00', r1, 0xffffffffffffffff, 0x4, 0x1, 0x2}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f0000000180)=[0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0], <r4=>0x0, 0x9e, &(0x7f0000000200)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0x53, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)={0x1b, 0x0, 0x0, 0x40000, 0x0, r0, 0x0, '\x00', r3, 0x0}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='ext4_update_sb\x00', r6}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='ext4_update_sb\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000012416ca50100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d0000ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x862a, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x3}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0x58, &(0x7f0000000540)}, 0x10) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0x58, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r9=>0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r7, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, &(0x7f0000000680)=[0x0], &(0x7f00000006c0)=[0x0, 0x0, 0x0], <r10=>0x0, 0x63, &(0x7f0000000700)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f00000007c0), &(0x7f0000000800), 0x8, 0xd1, 0x8, 0x8, &(0x7f0000000840)}}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x2}, 0x48) (async)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xa, 0x10, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8e7, 0x0, 0x0, 0x0, 0x788}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='syzkaller\x00', 0xffffffff, 0x5c, &(0x7f00000003c0)=""/92, 0x41100, 0x2a, '\x00', r9, 0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, r10, r7, 0x8, &(0x7f0000000a40)=[0x1, r11], &(0x7f0000000a80)=[{0x1, 0x2, 0xc, 0x5}, {0x1, 0x5, 0x5, 0x9}, {0x5, 0x2, 0xc, 0xa}, {0x0, 0x3, 0xd, 0x3}, {0x5, 0x3, 0x3, 0x5}, {0x2, 0x2, 0x3, 0x5}, {0x0, 0x1, 0x3, 0xe}, {0x3, 0x1, 0x6, 0x2}], 0x10, 0xfff}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xa, 0x10, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8e7, 0x0, 0x0, 0x0, 0x788}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='syzkaller\x00', 0xffffffff, 0x5c, &(0x7f00000003c0)=""/92, 0x41100, 0x2a, '\x00', r9, 0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, r10, r7, 0x8, &(0x7f0000000a40)=[0x1, r11], &(0x7f0000000a80)=[{0x1, 0x2, 0xc, 0x5}, {0x1, 0x5, 0x5, 0x9}, {0x5, 0x2, 0xc, 0xa}, {0x0, 0x3, 0xd, 0x3}, {0x5, 0x3, 0x3, 0x5}, {0x2, 0x2, 0x3, 0x5}, {0x0, 0x1, 0x3, 0xe}, {0x3, 0x1, 0x6, 0x2}], 0x10, 0xfff}, 0x90)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000700)={&(0x7f00000005c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x4, [@enum={0x9, 0x1, 0x0, 0x6, 0x4, [{0x5, 0x1}]}, @ptr={0x9, 0x0, 0x0, 0x2, 0x2}, @func={0x3, 0x0, 0x0, 0xc, 0x5}]}, {0x0, [0x30, 0x2e]}}, &(0x7f0000000640)=""/140, 0x48, 0x8c, 0x1, 0x2}, 0x20) (async)
r12 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000700)={&(0x7f00000005c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x4, [@enum={0x9, 0x1, 0x0, 0x6, 0x4, [{0x5, 0x1}]}, @ptr={0x9, 0x0, 0x0, 0x2, 0x2}, @func={0x3, 0x0, 0x0, 0xc, 0x5}]}, {0x0, [0x30, 0x2e]}}, &(0x7f0000000640)=""/140, 0x48, 0x8c, 0x1, 0x2}, 0x20)
r13 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000800)=@generic={&(0x7f00000007c0)='./file0\x00', 0x0, 0x10}, 0x18)
r14 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r14}, {}, {}, {0x85, 0x0, 0x0, 0xe}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0xa0}}}, &(0x7f0000000d00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r14}, {}, {}, {0x85, 0x0, 0x0, 0xe}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0xa0}}}, &(0x7f0000000d00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r15=>0xffffffffffffffff})
recvmsg$unix(r15, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r16=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r16, 0x0, 0x2000fdef)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x16, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7fffffff}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x200}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x2}, @exit, @btf_id={0x18, 0xd, 0x3, 0x0, 0x5}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000580)='syzkaller\x00', 0x3f, 0x0, 0x0, 0x41100, 0x0, '\x00', r9, 0x2e, r12, 0x8, &(0x7f0000000740)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000780)={0x2, 0xc, 0x2, 0x1ff}, 0x10, 0xffffffffffffffff, r6, 0x8, &(0x7f0000000840)=[r0, r13, r14, r0, r5, r16, r0], &(0x7f0000000880)=[{0x4, 0x2, 0xf, 0x1}, {0x4, 0x4, 0xa, 0xa}, {0x4, 0x5, 0xf}, {0x2, 0x3, 0xa, 0xb}, {0x1, 0x4, 0x5, 0x2}, {0x1, 0x4, 0x7, 0x2}, {0x3, 0x3, 0x4, 0x5}, {0x0, 0x1, 0xe, 0x5}], 0x10, 0x6}, 0x90)
r17 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001040)={0x1b, 0x0, 0x0, 0xfffff37e, 0x0, r2, 0x2, '\x00', r1, r12, 0x1, 0x1, 0x5}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001340)={r16, 0x58, &(0x7f00000012c0)}, 0x10) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001340)={r16, 0x58, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r18=>0x0}}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) (async)
r19 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r19, 0x4030582a, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x9, 0x11, &(0x7f00000010c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xaab}, {{0x18, 0x1, 0x1, 0x0, r17}}, {}, [@map_val={0x18, 0xb, 0x2, 0x0, r11, 0x0, 0x0, 0x0, 0xffe00000}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}}}, &(0x7f0000001180)='GPL\x00', 0xfffffe01, 0xd7, &(0x7f00000011c0)=""/215, 0x40f00, 0x0, '\x00', r18, 0x13, r16, 0x8, &(0x7f0000001380)={0x1, 0x3}, 0x8, 0x10, &(0x7f00000013c0)={0x1, 0x6, 0x23, 0xb20}, 0x10, r4, 0xffffffffffffffff, 0x8, &(0x7f0000001400)=[r5, r11, r19, r5, r14, r16, r14, r11, r16], &(0x7f0000001440)=[{0x0, 0x3, 0x3, 0x3}, {0x5, 0x3, 0x4, 0x3}, {0x1, 0x5, 0x7, 0x7}, {0x2, 0x3, 0x8, 0xc}, {0x3, 0x1, 0x6, 0xa}, {0x5, 0x5, 0x10, 0x6}, {0x3, 0x2, 0xf, 0x7}, {0x1, 0x1, 0xb, 0x1}], 0x10, 0x3ff}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001000)={r13}, 0x4)

21:57:52 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:52 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 61)

[  137.575306][ T2984] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  137.583118][ T2984] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  137.590931][ T2984] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  137.598740][ T2984] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  137.606550][ T2984] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  137.614369][ T2984]  </TASK>
21:57:52 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00'})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:52 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x7, 0x0, 0x0, 0x0)

[  137.701555][ T3005] FAULT_INJECTION: forcing a failure.
[  137.701555][ T3005] name failslab, interval 1, probability 0, space 0, times 0
[  137.728462][ T3005] CPU: 1 PID: 3005 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  137.738549][ T3005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  137.748449][ T3005] Call Trace:
[  137.751569][ T3005]  <TASK>
[  137.754343][ T3005]  dump_stack_lvl+0x151/0x1b7
[  137.758863][ T3005]  ? io_uring_drop_tctx_refs+0x190/0x190
[  137.764328][ T3005]  dump_stack+0x15/0x17
[  137.768318][ T3005]  should_fail+0x3c6/0x510
[  137.772573][ T3005]  __should_failslab+0xa4/0xe0
[  137.777170][ T3005]  ? vm_area_dup+0x26/0x230
[  137.781510][ T3005]  should_failslab+0x9/0x20
[  137.785854][ T3005]  slab_pre_alloc_hook+0x37/0xd0
[  137.790628][ T3005]  ? vm_area_dup+0x26/0x230
[  137.794969][ T3005]  kmem_cache_alloc+0x44/0x200
21:57:52 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x8, 0x0, 0x0, 0x0)

21:57:52 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00'})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  137.799570][ T3005]  vm_area_dup+0x26/0x230
[  137.803746][ T3005]  copy_mm+0x9a1/0x13e0
[  137.807725][ T3005]  ? copy_signal+0x610/0x610
[  137.812148][ T3005]  ? __init_rwsem+0xd6/0x1c0
[  137.816579][ T3005]  ? copy_signal+0x4e3/0x610
[  137.821012][ T3005]  copy_process+0x1149/0x3290
[  137.825522][ T3005]  ? proc_fail_nth_write+0x20b/0x290
[  137.830887][ T3005]  ? fsnotify_perm+0x6a/0x5d0
[  137.835500][ T3005]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  137.840445][ T3005]  ? vfs_write+0x9ec/0x1110
[  137.844785][ T3005]  kernel_clone+0x21e/0x9e0
[  137.849303][ T3005]  ? file_end_write+0x1c0/0x1c0
[  137.853986][ T3005]  ? create_io_thread+0x1e0/0x1e0
[  137.858841][ T3005]  ? mutex_unlock+0xb2/0x260
[  137.863274][ T3005]  ? __mutex_lock_slowpath+0x10/0x10
[  137.868396][ T3005]  __x64_sys_clone+0x23f/0x290
[  137.872990][ T3005]  ? __do_sys_vfork+0x130/0x130
[  137.877674][ T3005]  ? ksys_write+0x260/0x2c0
[  137.882020][ T3005]  ? debug_smp_processor_id+0x17/0x20
[  137.887228][ T3005]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  137.893133][ T3005]  ? exit_to_user_mode_prepare+0x39/0xa0
[  137.898596][ T3005]  do_syscall_64+0x3d/0xb0
[  137.902847][ T3005]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  137.908577][ T3005] RIP: 0033:0x7faae203fda9
[  137.912832][ T3005] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  137.932274][ T3005] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  137.940512][ T3005] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
21:57:52 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x9, 0x0, 0x0, 0x0)

21:57:52 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00'})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:52 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x700, 0x0, 0x0, 0x0)

[  137.948326][ T3005] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  137.956137][ T3005] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  137.963946][ T3005] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  137.971755][ T3005] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  137.979574][ T3005]  </TASK>
21:57:52 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 62)

21:57:52 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:52 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  138.074642][ T3020] FAULT_INJECTION: forcing a failure.
[  138.074642][ T3020] name failslab, interval 1, probability 0, space 0, times 0
[  138.091328][ T3020] CPU: 1 PID: 3020 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  138.101408][ T3020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  138.111307][ T3020] Call Trace:
[  138.114427][ T3020]  <TASK>
[  138.117203][ T3020]  dump_stack_lvl+0x151/0x1b7
[  138.121720][ T3020]  ? io_uring_drop_tctx_refs+0x190/0x190
[  138.127188][ T3020]  dump_stack+0x15/0x17
[  138.131177][ T3020]  should_fail+0x3c6/0x510
[  138.135431][ T3020]  __should_failslab+0xa4/0xe0
[  138.140030][ T3020]  ? anon_vma_clone+0x9a/0x500
[  138.144633][ T3020]  should_failslab+0x9/0x20
[  138.148969][ T3020]  slab_pre_alloc_hook+0x37/0xd0
[  138.153743][ T3020]  ? anon_vma_clone+0x9a/0x500
[  138.158339][ T3020]  kmem_cache_alloc+0x44/0x200
[  138.162940][ T3020]  anon_vma_clone+0x9a/0x500
[  138.167371][ T3020]  anon_vma_fork+0x91/0x4e0
[  138.171705][ T3020]  ? anon_vma_name+0x43/0x70
[  138.176136][ T3020]  ? vm_area_dup+0x17a/0x230
[  138.180561][ T3020]  copy_mm+0xa3a/0x13e0
[  138.184554][ T3020]  ? copy_signal+0x610/0x610
[  138.188977][ T3020]  ? __init_rwsem+0xd6/0x1c0
[  138.193403][ T3020]  ? copy_signal+0x4e3/0x610
[  138.197833][ T3020]  copy_process+0x1149/0x3290
[  138.202345][ T3020]  ? proc_fail_nth_write+0x20b/0x290
[  138.207464][ T3020]  ? fsnotify_perm+0x6a/0x5d0
[  138.211977][ T3020]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  138.216929][ T3020]  ? vfs_write+0x9ec/0x1110
[  138.221266][ T3020]  kernel_clone+0x21e/0x9e0
[  138.225606][ T3020]  ? file_end_write+0x1c0/0x1c0
[  138.230293][ T3020]  ? create_io_thread+0x1e0/0x1e0
[  138.235152][ T3020]  ? mutex_unlock+0xb2/0x260
[  138.239578][ T3020]  ? __mutex_lock_slowpath+0x10/0x10
[  138.244701][ T3020]  __x64_sys_clone+0x23f/0x290
[  138.249302][ T3020]  ? __do_sys_vfork+0x130/0x130
[  138.253985][ T3020]  ? ksys_write+0x260/0x2c0
[  138.258326][ T3020]  ? debug_smp_processor_id+0x17/0x20
[  138.263532][ T3020]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  138.269434][ T3020]  ? exit_to_user_mode_prepare+0x39/0xa0
[  138.274902][ T3020]  do_syscall_64+0x3d/0xb0
[  138.279167][ T3020]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  138.284970][ T3020] RIP: 0033:0x7faae203fda9
[  138.289226][ T3020] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  138.308665][ T3020] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  138.316909][ T3020] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
21:57:53 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x900, 0x0, 0x0, 0x0)

21:57:53 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  138.324723][ T3020] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  138.332533][ T3020] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  138.340344][ T3020] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  138.348159][ T3020] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  138.355971][ T3020]  </TASK>
21:57:53 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x1f00, 0x0, 0x0, 0x0)

21:57:53 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 63)

[  138.435925][ T3035] FAULT_INJECTION: forcing a failure.
[  138.435925][ T3035] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  138.450189][ T3035] CPU: 1 PID: 3035 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  138.460268][ T3035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  138.470162][ T3035] Call Trace:
[  138.473280][ T3035]  <TASK>
[  138.476057][ T3035]  dump_stack_lvl+0x151/0x1b7
[  138.480572][ T3035]  ? io_uring_drop_tctx_refs+0x190/0x190
[  138.486039][ T3035]  dump_stack+0x15/0x17
[  138.490031][ T3035]  should_fail+0x3c6/0x510
[  138.494288][ T3035]  should_fail_alloc_page+0x5a/0x80
[  138.499319][ T3035]  prepare_alloc_pages+0x15c/0x700
[  138.504263][ T3035]  ? __alloc_pages+0x8f0/0x8f0
[  138.508870][ T3035]  ? __alloc_pages_bulk+0xe40/0xe40
[  138.513899][ T3035]  ? sched_clock+0x9/0x10
[  138.518068][ T3035]  __alloc_pages+0x18c/0x8f0
[  138.522501][ T3035]  ? prep_new_page+0x110/0x110
[  138.527095][ T3035]  ? is_bpf_text_address+0x172/0x190
[  138.532214][ T3035]  pte_alloc_one+0x73/0x1b0
[  138.536555][ T3035]  ? pfn_modify_allowed+0x2f0/0x2f0
[  138.541586][ T3035]  ? arch_stack_walk+0xf3/0x140
[  138.546273][ T3035]  __pte_alloc+0x86/0x350
[  138.550439][ T3035]  ? free_pgtables+0x280/0x280
[  138.555037][ T3035]  ? _raw_spin_lock+0xa4/0x1b0
[  138.559639][ T3035]  ? __kasan_check_write+0x14/0x20
[  138.564587][ T3035]  copy_page_range+0x28a8/0x2f90
[  138.569361][ T3035]  ? __kasan_slab_alloc+0xb1/0xe0
[  138.574234][ T3035]  ? pfn_valid+0x1e0/0x1e0
[  138.578472][ T3035]  ? vma_gap_callbacks_rotate+0x1b7/0x210
[  138.584026][ T3035]  ? __rb_insert_augmented+0x5de/0x610
[  138.589343][ T3035]  copy_mm+0xc7e/0x13e0
[  138.593326][ T3035]  ? copy_signal+0x610/0x610
[  138.597742][ T3035]  ? __init_rwsem+0xd6/0x1c0
[  138.602170][ T3035]  ? copy_signal+0x4e3/0x610
[  138.606596][ T3035]  copy_process+0x1149/0x3290
[  138.611112][ T3035]  ? proc_fail_nth_write+0x20b/0x290
[  138.616327][ T3035]  ? fsnotify_perm+0x6a/0x5d0
[  138.620841][ T3035]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  138.625783][ T3035]  ? vfs_write+0x9ec/0x1110
[  138.630129][ T3035]  kernel_clone+0x21e/0x9e0
[  138.634463][ T3035]  ? file_end_write+0x1c0/0x1c0
[  138.639152][ T3035]  ? create_io_thread+0x1e0/0x1e0
[  138.644008][ T3035]  ? mutex_unlock+0xb2/0x260
[  138.648436][ T3035]  ? __mutex_lock_slowpath+0x10/0x10
[  138.653560][ T3035]  __x64_sys_clone+0x23f/0x290
[  138.658159][ T3035]  ? __do_sys_vfork+0x130/0x130
[  138.662842][ T3035]  ? ksys_write+0x260/0x2c0
[  138.667186][ T3035]  ? debug_smp_processor_id+0x17/0x20
[  138.672390][ T3035]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  138.678295][ T3035]  ? exit_to_user_mode_prepare+0x39/0xa0
[  138.683765][ T3035]  do_syscall_64+0x3d/0xb0
[  138.688014][ T3035]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  138.693741][ T3035] RIP: 0033:0x7faae203fda9
[  138.697996][ T3035] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  138.717444][ T3035] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  138.725776][ T3035] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
21:57:53 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x2000, 0x0, 0x0, 0x0)

21:57:53 executing program 0:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000100)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x10001, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x5}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000f40)={0xffffffffffffffff, 0xe0, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000bc0)=[0x0], ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000c00)=[0x0], &(0x7f0000000c40)=[0x0, 0x0], 0x0, 0xc7, &(0x7f0000000c80)=[{}], 0x8, 0x10, &(0x7f0000000cc0), &(0x7f0000000d40), 0x8, 0x87, 0x8, 0x8, &(0x7f0000000e00)}}, 0x10)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000f80)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xffffff7f, '\x00', r1, 0xffffffffffffffff, 0x4, 0x1, 0x2}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f0000000180)=[0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0], <r4=>0x0, 0x9e, &(0x7f0000000200)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0x53, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)={0x1b, 0x0, 0x0, 0x40000, 0x0, r0, 0x0, '\x00', r3, 0x0}, 0x48) (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='ext4_update_sb\x00', r6}, 0x10) (async)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000012416ca50100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d0000ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x862a, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x3}, 0x48) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0x58, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r9=>0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r7, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, &(0x7f0000000680)=[0x0], &(0x7f00000006c0)=[0x0, 0x0, 0x0], <r10=>0x0, 0x63, &(0x7f0000000700)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f00000007c0), &(0x7f0000000800), 0x8, 0xd1, 0x8, 0x8, &(0x7f0000000840)}}, 0x10) (async)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xa, 0x10, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8e7, 0x0, 0x0, 0x0, 0x788}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='syzkaller\x00', 0xffffffff, 0x5c, &(0x7f00000003c0)=""/92, 0x41100, 0x2a, '\x00', r9, 0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, r10, r7, 0x8, &(0x7f0000000a40)=[0x1, r11], &(0x7f0000000a80)=[{0x1, 0x2, 0xc, 0x5}, {0x1, 0x5, 0x5, 0x9}, {0x5, 0x2, 0xc, 0xa}, {0x0, 0x3, 0xd, 0x3}, {0x5, 0x3, 0x3, 0x5}, {0x2, 0x2, 0x3, 0x5}, {0x0, 0x1, 0x3, 0xe}, {0x3, 0x1, 0x6, 0x2}], 0x10, 0xfff}, 0x90) (async)
r12 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000700)={&(0x7f00000005c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x4, [@enum={0x9, 0x1, 0x0, 0x6, 0x4, [{0x5, 0x1}]}, @ptr={0x9, 0x0, 0x0, 0x2, 0x2}, @func={0x3, 0x0, 0x0, 0xc, 0x5}]}, {0x0, [0x30, 0x2e]}}, &(0x7f0000000640)=""/140, 0x48, 0x8c, 0x1, 0x2}, 0x20) (async)
r13 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000800)=@generic={&(0x7f00000007c0)='./file0\x00', 0x0, 0x10}, 0x18) (async)
r14 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r14}, {}, {}, {0x85, 0x0, 0x0, 0xe}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0xa0}}}, &(0x7f0000000d00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r15=>0xffffffffffffffff})
recvmsg$unix(r15, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r16=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r16, 0x0, 0x2000fdef) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x16, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7fffffff}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x200}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x2}, @exit, @btf_id={0x18, 0xd, 0x3, 0x0, 0x5}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000580)='syzkaller\x00', 0x3f, 0x0, 0x0, 0x41100, 0x0, '\x00', r9, 0x2e, r12, 0x8, &(0x7f0000000740)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000780)={0x2, 0xc, 0x2, 0x1ff}, 0x10, 0xffffffffffffffff, r6, 0x8, &(0x7f0000000840)=[r0, r13, r14, r0, r5, r16, r0], &(0x7f0000000880)=[{0x4, 0x2, 0xf, 0x1}, {0x4, 0x4, 0xa, 0xa}, {0x4, 0x5, 0xf}, {0x2, 0x3, 0xa, 0xb}, {0x1, 0x4, 0x5, 0x2}, {0x1, 0x4, 0x7, 0x2}, {0x3, 0x3, 0x4, 0x5}, {0x0, 0x1, 0xe, 0x5}], 0x10, 0x6}, 0x90) (async)
r17 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001040)={0x1b, 0x0, 0x0, 0xfffff37e, 0x0, r2, 0x2, '\x00', r1, r12, 0x1, 0x1, 0x5}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001340)={r16, 0x58, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r18=>0x0}}, 0x10)
r19 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r19, 0x4030582a, &(0x7f0000000040)) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x9, 0x11, &(0x7f00000010c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xaab}, {{0x18, 0x1, 0x1, 0x0, r17}}, {}, [@map_val={0x18, 0xb, 0x2, 0x0, r11, 0x0, 0x0, 0x0, 0xffe00000}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}}}, &(0x7f0000001180)='GPL\x00', 0xfffffe01, 0xd7, &(0x7f00000011c0)=""/215, 0x40f00, 0x0, '\x00', r18, 0x13, r16, 0x8, &(0x7f0000001380)={0x1, 0x3}, 0x8, 0x10, &(0x7f00000013c0)={0x1, 0x6, 0x23, 0xb20}, 0x10, r4, 0xffffffffffffffff, 0x8, &(0x7f0000001400)=[r5, r11, r19, r5, r14, r16, r14, r11, r16], &(0x7f0000001440)=[{0x0, 0x3, 0x3, 0x3}, {0x5, 0x3, 0x4, 0x3}, {0x1, 0x5, 0x7, 0x7}, {0x2, 0x3, 0x8, 0xc}, {0x3, 0x1, 0x6, 0xa}, {0x5, 0x5, 0x10, 0x6}, {0x3, 0x2, 0xf, 0x7}, {0x1, 0x1, 0xb, 0x1}], 0x10, 0x3ff}, 0x90) (async, rerun: 64)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001000)={r13}, 0x4)

21:57:53 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 64)

21:57:53 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:53 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x20010, 0x0, 0x0, 0x0)

[  138.733587][ T3035] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  138.741504][ T3035] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  138.749315][ T3035] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  138.757128][ T3035] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  138.764945][ T3035]  </TASK>
21:57:53 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  138.881148][ T3046] FAULT_INJECTION: forcing a failure.
[  138.881148][ T3046] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  138.896788][ T3046] CPU: 1 PID: 3046 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  138.906874][ T3046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  138.916774][ T3046] Call Trace:
[  138.919894][ T3046]  <TASK>
[  138.922669][ T3046]  dump_stack_lvl+0x151/0x1b7
[  138.927187][ T3046]  ? io_uring_drop_tctx_refs+0x190/0x190
[  138.932649][ T3046]  ? __update_load_avg_cfs_rq+0xb1/0x2f0
[  138.938123][ T3046]  dump_stack+0x15/0x17
[  138.942113][ T3046]  should_fail+0x3c6/0x510
[  138.946365][ T3046]  should_fail_alloc_page+0x5a/0x80
[  138.951397][ T3046]  prepare_alloc_pages+0x15c/0x700
[  138.956350][ T3046]  ? __alloc_pages_bulk+0xe40/0xe40
[  138.961380][ T3046]  ? sched_clock+0x9/0x10
[  138.965547][ T3046]  __alloc_pages+0x18c/0x8f0
[  138.969972][ T3046]  ? prep_new_page+0x110/0x110
[  138.974597][ T3046]  ? 0xffffffffa0028dbc
[  138.978567][ T3046]  ? is_bpf_text_address+0x172/0x190
[  138.983685][ T3046]  pte_alloc_one+0x73/0x1b0
[  138.988023][ T3046]  ? pfn_modify_allowed+0x2f0/0x2f0
[  138.993057][ T3046]  ? arch_stack_walk+0xf3/0x140
[  138.997751][ T3046]  __pte_alloc+0x86/0x350
[  139.001910][ T3046]  ? free_pgtables+0x280/0x280
[  139.006511][ T3046]  ? _raw_spin_lock+0xa4/0x1b0
[  139.011110][ T3046]  ? __kasan_check_write+0x14/0x20
[  139.016061][ T3046]  copy_page_range+0x28a8/0x2f90
[  139.020838][ T3046]  ? __kasan_slab_alloc+0xb1/0xe0
[  139.025714][ T3046]  ? pfn_valid+0x1e0/0x1e0
[  139.029944][ T3046]  ? vma_gap_callbacks_rotate+0x1b7/0x210
[  139.035494][ T3046]  ? __rb_insert_augmented+0x5de/0x610
[  139.040791][ T3046]  copy_mm+0xc7e/0x13e0
[  139.044785][ T3046]  ? copy_signal+0x610/0x610
[  139.049209][ T3046]  ? __init_rwsem+0xd6/0x1c0
[  139.053636][ T3046]  ? copy_signal+0x4e3/0x610
[  139.058060][ T3046]  copy_process+0x1149/0x3290
[  139.062575][ T3046]  ? proc_fail_nth_write+0x20b/0x290
[  139.067694][ T3046]  ? fsnotify_perm+0x6a/0x5d0
[  139.072227][ T3046]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  139.077155][ T3046]  ? vfs_write+0x9ec/0x1110
[  139.081496][ T3046]  kernel_clone+0x21e/0x9e0
[  139.085834][ T3046]  ? file_end_write+0x1c0/0x1c0
[  139.090521][ T3046]  ? create_io_thread+0x1e0/0x1e0
[  139.095385][ T3046]  ? mutex_unlock+0xb2/0x260
[  139.099808][ T3046]  ? __mutex_lock_slowpath+0x10/0x10
[  139.104928][ T3046]  __x64_sys_clone+0x23f/0x290
[  139.109529][ T3046]  ? __do_sys_vfork+0x130/0x130
[  139.114213][ T3046]  ? ksys_write+0x260/0x2c0
[  139.118559][ T3046]  ? debug_smp_processor_id+0x17/0x20
[  139.123761][ T3046]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  139.129663][ T3046]  ? exit_to_user_mode_prepare+0x39/0xa0
[  139.135134][ T3046]  do_syscall_64+0x3d/0xb0
[  139.139387][ T3046]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  139.145113][ T3046] RIP: 0033:0x7faae203fda9
[  139.149370][ T3046] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  139.168807][ T3046] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
21:57:54 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x80000, 0x0, 0x0, 0x0)

21:57:54 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 65)

21:57:54 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0xf0ff1f, 0x0, 0x0, 0x0)

[  139.177055][ T3046] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  139.184866][ T3046] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  139.192674][ T3046] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  139.200485][ T3046] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  139.208299][ T3046] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  139.216115][ T3046]  </TASK>
[  139.271858][ T3059] FAULT_INJECTION: forcing a failure.
[  139.271858][ T3059] name failslab, interval 1, probability 0, space 0, times 0
[  139.288805][ T3059] CPU: 1 PID: 3059 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  139.298891][ T3059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  139.308782][ T3059] Call Trace:
[  139.311906][ T3059]  <TASK>
[  139.314682][ T3059]  dump_stack_lvl+0x151/0x1b7
[  139.319197][ T3059]  ? io_uring_drop_tctx_refs+0x190/0x190
[  139.324671][ T3059]  dump_stack+0x15/0x17
[  139.328658][ T3059]  should_fail+0x3c6/0x510
[  139.332908][ T3059]  __should_failslab+0xa4/0xe0
[  139.337511][ T3059]  ? anon_vma_fork+0xf7/0x4e0
[  139.342022][ T3059]  should_failslab+0x9/0x20
[  139.346360][ T3059]  slab_pre_alloc_hook+0x37/0xd0
[  139.351139][ T3059]  ? anon_vma_fork+0xf7/0x4e0
[  139.355648][ T3059]  kmem_cache_alloc+0x44/0x200
[  139.360253][ T3059]  anon_vma_fork+0xf7/0x4e0
[  139.364592][ T3059]  ? anon_vma_name+0x43/0x70
[  139.369018][ T3059]  ? vm_area_dup+0x17a/0x230
[  139.373443][ T3059]  copy_mm+0xa3a/0x13e0
[  139.377437][ T3059]  ? copy_signal+0x610/0x610
[  139.381859][ T3059]  ? __init_rwsem+0xd6/0x1c0
[  139.386285][ T3059]  ? copy_signal+0x4e3/0x610
[  139.390713][ T3059]  copy_process+0x1149/0x3290
[  139.395228][ T3059]  ? proc_fail_nth_write+0x20b/0x290
[  139.400348][ T3059]  ? fsnotify_perm+0x6a/0x5d0
[  139.404862][ T3059]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  139.409806][ T3059]  ? vfs_write+0x9ec/0x1110
[  139.414148][ T3059]  kernel_clone+0x21e/0x9e0
[  139.418485][ T3059]  ? file_end_write+0x1c0/0x1c0
[  139.423173][ T3059]  ? create_io_thread+0x1e0/0x1e0
[  139.428035][ T3059]  ? mutex_unlock+0xb2/0x260
[  139.432492][ T3059]  ? __mutex_lock_slowpath+0x10/0x10
[  139.437582][ T3059]  __x64_sys_clone+0x23f/0x290
[  139.442180][ T3059]  ? __do_sys_vfork+0x130/0x130
[  139.446871][ T3059]  ? ksys_write+0x260/0x2c0
[  139.451209][ T3059]  ? debug_smp_processor_id+0x17/0x20
[  139.456426][ T3059]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  139.462316][ T3059]  ? exit_to_user_mode_prepare+0x39/0xa0
[  139.467785][ T3059]  do_syscall_64+0x3d/0xb0
[  139.472036][ T3059]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  139.477767][ T3059] RIP: 0033:0x7faae203fda9
[  139.482020][ T3059] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  139.501460][ T3059] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  139.509703][ T3059] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
21:57:54 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:54 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:54 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 66)

[  139.517516][ T3059] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  139.525326][ T3059] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  139.533140][ T3059] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  139.540955][ T3059] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  139.548856][ T3059]  </TASK>
21:57:54 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x1000000, 0x0, 0x0, 0x0)

[  139.633796][ T3066] FAULT_INJECTION: forcing a failure.
[  139.633796][ T3066] name failslab, interval 1, probability 0, space 0, times 0
[  139.664762][ T3066] CPU: 0 PID: 3066 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  139.674848][ T3066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  139.684742][ T3066] Call Trace:
[  139.687864][ T3066]  <TASK>
[  139.690643][ T3066]  dump_stack_lvl+0x151/0x1b7
[  139.695155][ T3066]  ? io_uring_drop_tctx_refs+0x190/0x190
[  139.700623][ T3066]  dump_stack+0x15/0x17
[  139.704618][ T3066]  should_fail+0x3c6/0x510
[  139.708865][ T3066]  __should_failslab+0xa4/0xe0
[  139.713462][ T3066]  ? vm_area_dup+0x26/0x230
[  139.717803][ T3066]  should_failslab+0x9/0x20
[  139.722142][ T3066]  slab_pre_alloc_hook+0x37/0xd0
[  139.726922][ T3066]  ? vm_area_dup+0x26/0x230
[  139.731252][ T3066]  kmem_cache_alloc+0x44/0x200
[  139.735864][ T3066]  vm_area_dup+0x26/0x230
[  139.740029][ T3066]  copy_mm+0x9a1/0x13e0
[  139.744020][ T3066]  ? copy_signal+0x610/0x610
[  139.748442][ T3066]  ? __init_rwsem+0xd6/0x1c0
[  139.752865][ T3066]  ? copy_signal+0x4e3/0x610
[  139.757290][ T3066]  copy_process+0x1149/0x3290
[  139.761808][ T3066]  ? proc_fail_nth_write+0x20b/0x290
[  139.766930][ T3066]  ? fsnotify_perm+0x6a/0x5d0
[  139.771439][ T3066]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  139.776392][ T3066]  ? vfs_write+0x9ec/0x1110
[  139.780726][ T3066]  kernel_clone+0x21e/0x9e0
[  139.785063][ T3066]  ? file_end_write+0x1c0/0x1c0
[  139.789751][ T3066]  ? create_io_thread+0x1e0/0x1e0
[  139.794609][ T3066]  ? mutex_unlock+0xb2/0x260
[  139.799040][ T3066]  ? __mutex_lock_slowpath+0x10/0x10
[  139.804169][ T3066]  __x64_sys_clone+0x23f/0x290
[  139.808762][ T3066]  ? __do_sys_vfork+0x130/0x130
[  139.813449][ T3066]  ? ksys_write+0x260/0x2c0
[  139.817795][ T3066]  ? debug_smp_processor_id+0x17/0x20
[  139.822999][ T3066]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  139.828895][ T3066]  ? exit_to_user_mode_prepare+0x39/0xa0
[  139.834363][ T3066]  do_syscall_64+0x3d/0xb0
[  139.838619][ T3066]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  139.844343][ T3066] RIP: 0033:0x7faae203fda9
[  139.848598][ T3066] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  139.868038][ T3066] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  139.876282][ T3066] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
21:57:54 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r1, &(0x7f00000004c0), 0x9)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000ac0), ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x3, 0x4, &(0x7f0000000680)=[0x0, 0x0, 0x0], &(0x7f00000007c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xe9, &(0x7f0000000700)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000740), &(0x7f0000000780), 0x8, 0x40, 0x8, 0x8, &(0x7f0000000640)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x8, 0x10, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xe98, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}], {{}, {}, {0x85, 0x0, 0x0, 0x1}}}, &(0x7f0000000500)='syzkaller\x00', 0x6, 0xe5, &(0x7f0000000540)=""/229, 0x41100, 0x20, '\x00', r2, 0xc, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0xa, 0x1}, 0x8, 0x10, &(0x7f0000000980)={0x0, 0x7, 0x4, 0x81}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000a40)=[{0x0, 0x1, 0x8, 0x7}], 0x10, 0x25}, 0x90)
openat$cgroup_ro(r0, &(0x7f0000000a80)='io.stat\x00', 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x4)
r4 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000029c0)=@generic={&(0x7f0000002980)='./file0\x00', 0x0, 0xb95bdb16738b8725}, 0x18)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000002cc0)={r4, 0xe0, &(0x7f0000002bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000002a00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x10, &(0x7f0000002b00), &(0x7f0000002b40), 0x8, 0x76, 0x8, 0x0, 0x0}}, 0x10)
ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000002d00)=r5)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000002c0)={0x81, <r6=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x4, 0x19, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000060000000000000003000000184200000200000000000000000000003d385000fcffffff18100000", @ANYRES32=r0, @ANYBLOB="00e2d382f660010000000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000000000008500000086000021b7080000000000007b8af8ff00bd4c3e91080000000200007b8af0ff00000000bfa1000000000000ab5b36506b410e22bfa400000033c60007040000f0ffffffb70200000800bfd35ad0936f94523ef1b233ec551168ca24c4aa7fcf81232537ddbcba7e57da872164615a86c13b128ae6b3a063d56b88d8fc9e903964332aa0e6a81e34f41d6ab84c62c1d00d3b1d38cdf068ea81aaf67d71aa4c71daca94006c86526d4b5a0006e6c0239a7c2d7e0625d7e743f4630afc5d1260aa8cdac24c24b6ada30680a4db6b7973bbde5f12cb2adf5c", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x100, 0x0, 0x0, 0x1f00, 0x10, '\x00', r5, 0x32, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000280)={0x5, 0x8, 0x7fffffff}, 0x10, r6, 0xffffffffffffffff, 0x2, &(0x7f0000000300)=[r0, r0], &(0x7f0000000340)=[{0x5, 0x1, 0xf}, {0x5, 0x4, 0x5, 0x1}], 0x10, 0xc67}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:54 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x2000000, 0x0, 0x0, 0x0)

21:57:54 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r1, &(0x7f00000004c0), 0x9)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000ac0), ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x3, 0x4, &(0x7f0000000680)=[0x0, 0x0, 0x0], &(0x7f00000007c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xe9, &(0x7f0000000700)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000740), &(0x7f0000000780), 0x8, 0x40, 0x8, 0x8, &(0x7f0000000640)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x8, 0x10, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xe98, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}], {{}, {}, {0x85, 0x0, 0x0, 0x1}}}, &(0x7f0000000500)='syzkaller\x00', 0x6, 0xe5, &(0x7f0000000540)=""/229, 0x41100, 0x20, '\x00', r2, 0xc, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0xa, 0x1}, 0x8, 0x10, &(0x7f0000000980)={0x0, 0x7, 0x4, 0x81}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000a40)=[{0x0, 0x1, 0x8, 0x7}], 0x10, 0x25}, 0x90) (async)
openat$cgroup_ro(r0, &(0x7f0000000a80)='io.stat\x00', 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x4) (async)
r4 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000029c0)=@generic={&(0x7f0000002980)='./file0\x00', 0x0, 0xb95bdb16738b8725}, 0x18)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000002cc0)={r4, 0xe0, &(0x7f0000002bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000002a00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x10, &(0x7f0000002b00), &(0x7f0000002b40), 0x8, 0x76, 0x8, 0x0, 0x0}}, 0x10)
ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000002d00)=r5) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000002c0)={0x81, <r6=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x4, 0x19, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000060000000000000003000000184200000200000000000000000000003d385000fcffffff18100000", @ANYRES32=r0, @ANYBLOB="00e2d382f660010000000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000000000008500000086000021b7080000000000007b8af8ff00bd4c3e91080000000200007b8af0ff00000000bfa1000000000000ab5b36506b410e22bfa400000033c60007040000f0ffffffb70200000800bfd35ad0936f94523ef1b233ec551168ca24c4aa7fcf81232537ddbcba7e57da872164615a86c13b128ae6b3a063d56b88d8fc9e903964332aa0e6a81e34f41d6ab84c62c1d00d3b1d38cdf068ea81aaf67d71aa4c71daca94006c86526d4b5a0006e6c0239a7c2d7e0625d7e743f4630afc5d1260aa8cdac24c24b6ada30680a4db6b7973bbde5f12cb2adf5c", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x100, 0x0, 0x0, 0x1f00, 0x10, '\x00', r5, 0x32, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000280)={0x5, 0x8, 0x7fffffff}, 0x10, r6, 0xffffffffffffffff, 0x2, &(0x7f0000000300)=[r0, r0], &(0x7f0000000340)=[{0x5, 0x1, 0xf}, {0x5, 0x4, 0x5, 0x1}], 0x10, 0xc67}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:54 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:54 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 67)

[  139.884094][ T3066] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  139.891908][ T3066] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  139.899722][ T3066] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  139.907530][ T3066] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  139.915344][ T3066]  </TASK>
21:57:54 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x7000000, 0x0, 0x0, 0x0)

[  139.968959][ T3081] FAULT_INJECTION: forcing a failure.
[  139.968959][ T3081] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  139.984489][ T3081] CPU: 1 PID: 3081 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  139.994566][ T3081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  140.004470][ T3081] Call Trace:
[  140.007582][ T3081]  <TASK>
[  140.010358][ T3081]  dump_stack_lvl+0x151/0x1b7
[  140.014874][ T3081]  ? io_uring_drop_tctx_refs+0x190/0x190
[  140.020341][ T3081]  dump_stack+0x15/0x17
[  140.024336][ T3081]  should_fail+0x3c6/0x510
[  140.028587][ T3081]  should_fail_alloc_page+0x5a/0x80
[  140.033624][ T3081]  prepare_alloc_pages+0x15c/0x700
[  140.038569][ T3081]  ? __alloc_pages+0x8f0/0x8f0
[  140.043166][ T3081]  ? __alloc_pages_bulk+0xe40/0xe40
[  140.048198][ T3081]  ? sched_clock+0x9/0x10
[  140.052364][ T3081]  ? sched_clock_cpu+0x18/0x3b0
[  140.057053][ T3081]  __alloc_pages+0x18c/0x8f0
[  140.061481][ T3081]  ? prep_new_page+0x110/0x110
[  140.066082][ T3081]  ? is_bpf_text_address+0x172/0x190
[  140.071199][ T3081]  pte_alloc_one+0x73/0x1b0
[  140.075542][ T3081]  ? pfn_modify_allowed+0x2f0/0x2f0
[  140.080665][ T3081]  ? arch_stack_walk+0xf3/0x140
[  140.085347][ T3081]  __pte_alloc+0x86/0x350
[  140.089515][ T3081]  ? free_pgtables+0x280/0x280
[  140.094112][ T3081]  ? _raw_spin_lock+0xa4/0x1b0
[  140.098713][ T3081]  ? __kasan_check_write+0x14/0x20
[  140.103661][ T3081]  copy_page_range+0x28a8/0x2f90
[  140.108450][ T3081]  ? __kasan_slab_alloc+0xb1/0xe0
[  140.113299][ T3081]  ? pfn_valid+0x1e0/0x1e0
[  140.117550][ T3081]  ? vma_interval_tree_augment_rotate+0x1a3/0x1d0
[  140.123802][ T3081]  copy_mm+0xc7e/0x13e0
[  140.127793][ T3081]  ? copy_signal+0x610/0x610
[  140.132214][ T3081]  ? __init_rwsem+0xd6/0x1c0
[  140.136642][ T3081]  ? copy_signal+0x4e3/0x610
[  140.141067][ T3081]  copy_process+0x1149/0x3290
[  140.145584][ T3081]  ? proc_fail_nth_write+0x20b/0x290
[  140.150703][ T3081]  ? fsnotify_perm+0x6a/0x5d0
[  140.155215][ T3081]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  140.160161][ T3081]  ? vfs_write+0x9ec/0x1110
[  140.164502][ T3081]  kernel_clone+0x21e/0x9e0
[  140.168840][ T3081]  ? file_end_write+0x1c0/0x1c0
[  140.173529][ T3081]  ? create_io_thread+0x1e0/0x1e0
[  140.178394][ T3081]  ? mutex_unlock+0xb2/0x260
[  140.182815][ T3081]  ? __mutex_lock_slowpath+0x10/0x10
[  140.187937][ T3081]  __x64_sys_clone+0x23f/0x290
[  140.192535][ T3081]  ? __do_sys_vfork+0x130/0x130
[  140.197222][ T3081]  ? ksys_write+0x260/0x2c0
[  140.201566][ T3081]  ? debug_smp_processor_id+0x17/0x20
[  140.206772][ T3081]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  140.212670][ T3081]  ? exit_to_user_mode_prepare+0x39/0xa0
[  140.218140][ T3081]  do_syscall_64+0x3d/0xb0
[  140.222393][ T3081]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  140.228121][ T3081] RIP: 0033:0x7faae203fda9
[  140.232374][ T3081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  140.251816][ T3081] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  140.260060][ T3081] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
21:57:55 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r1, &(0x7f00000004c0), 0x9)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000ac0), ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x3, 0x4, &(0x7f0000000680)=[0x0, 0x0, 0x0], &(0x7f00000007c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xe9, &(0x7f0000000700)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000740), &(0x7f0000000780), 0x8, 0x40, 0x8, 0x8, &(0x7f0000000640)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x8, 0x10, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xe98, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}], {{}, {}, {0x85, 0x0, 0x0, 0x1}}}, &(0x7f0000000500)='syzkaller\x00', 0x6, 0xe5, &(0x7f0000000540)=""/229, 0x41100, 0x20, '\x00', r2, 0xc, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0xa, 0x1}, 0x8, 0x10, &(0x7f0000000980)={0x0, 0x7, 0x4, 0x81}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000a40)=[{0x0, 0x1, 0x8, 0x7}], 0x10, 0x25}, 0x90)
openat$cgroup_ro(r0, &(0x7f0000000a80)='io.stat\x00', 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x4) (async)
r4 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000029c0)=@generic={&(0x7f0000002980)='./file0\x00', 0x0, 0xb95bdb16738b8725}, 0x18)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000002cc0)={r4, 0xe0, &(0x7f0000002bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000002a00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x10, &(0x7f0000002b00), &(0x7f0000002b40), 0x8, 0x76, 0x8, 0x0, 0x0}}, 0x10)
ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000002d00)=r5) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000002c0)={0x81, <r6=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x4, 0x19, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000060000000000000003000000184200000200000000000000000000003d385000fcffffff18100000", @ANYRES32=r0, @ANYBLOB="00e2d382f660010000000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000000000008500000086000021b7080000000000007b8af8ff00bd4c3e91080000000200007b8af0ff00000000bfa1000000000000ab5b36506b410e22bfa400000033c60007040000f0ffffffb70200000800bfd35ad0936f94523ef1b233ec551168ca24c4aa7fcf81232537ddbcba7e57da872164615a86c13b128ae6b3a063d56b88d8fc9e903964332aa0e6a81e34f41d6ab84c62c1d00d3b1d38cdf068ea81aaf67d71aa4c71daca94006c86526d4b5a0006e6c0239a7c2d7e0625d7e743f4630afc5d1260aa8cdac24c24b6ada30680a4db6b7973bbde5f12cb2adf5c", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x100, 0x0, 0x0, 0x1f00, 0x10, '\x00', r5, 0x32, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000280)={0x5, 0x8, 0x7fffffff}, 0x10, r6, 0xffffffffffffffff, 0x2, &(0x7f0000000300)=[r0, r0], &(0x7f0000000340)=[{0x5, 0x1, 0xf}, {0x5, 0x4, 0x5, 0x1}], 0x10, 0xc67}, 0x90) (async, rerun: 32)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (rerun: 32)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:55 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 68)

[  140.267878][ T3081] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  140.275680][ T3081] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  140.283498][ T3081] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  140.291303][ T3081] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  140.299117][ T3081]  </TASK>
[  140.340152][ T3088] FAULT_INJECTION: forcing a failure.
[  140.340152][ T3088] name failslab, interval 1, probability 0, space 0, times 0
[  140.359480][ T3088] CPU: 1 PID: 3088 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  140.369569][ T3088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  140.379470][ T3088] Call Trace:
[  140.382587][ T3088]  <TASK>
[  140.385363][ T3088]  dump_stack_lvl+0x151/0x1b7
[  140.389880][ T3088]  ? io_uring_drop_tctx_refs+0x190/0x190
[  140.395351][ T3088]  dump_stack+0x15/0x17
[  140.399332][ T3088]  should_fail+0x3c6/0x510
[  140.403589][ T3088]  __should_failslab+0xa4/0xe0
[  140.408186][ T3088]  ? anon_vma_clone+0x9a/0x500
[  140.412803][ T3088]  should_failslab+0x9/0x20
[  140.417126][ T3088]  slab_pre_alloc_hook+0x37/0xd0
[  140.421899][ T3088]  ? anon_vma_clone+0x9a/0x500
[  140.426496][ T3088]  kmem_cache_alloc+0x44/0x200
[  140.431186][ T3088]  anon_vma_clone+0x9a/0x500
[  140.435611][ T3088]  anon_vma_fork+0x91/0x4e0
[  140.439956][ T3088]  ? anon_vma_name+0x43/0x70
[  140.444379][ T3088]  ? vm_area_dup+0x17a/0x230
[  140.448815][ T3088]  copy_mm+0xa3a/0x13e0
[  140.452798][ T3088]  ? copy_signal+0x610/0x610
[  140.457223][ T3088]  ? __init_rwsem+0xd6/0x1c0
[  140.461649][ T3088]  ? copy_signal+0x4e3/0x610
[  140.466073][ T3088]  copy_process+0x1149/0x3290
[  140.470592][ T3088]  ? proc_fail_nth_write+0x20b/0x290
[  140.475711][ T3088]  ? fsnotify_perm+0x6a/0x5d0
[  140.480221][ T3088]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  140.485167][ T3088]  ? vfs_write+0x9ec/0x1110
[  140.489511][ T3088]  kernel_clone+0x21e/0x9e0
[  140.493849][ T3088]  ? file_end_write+0x1c0/0x1c0
[  140.498538][ T3088]  ? create_io_thread+0x1e0/0x1e0
[  140.503394][ T3088]  ? mutex_unlock+0xb2/0x260
[  140.507823][ T3088]  ? __mutex_lock_slowpath+0x10/0x10
[  140.512944][ T3088]  __x64_sys_clone+0x23f/0x290
[  140.517545][ T3088]  ? __do_sys_vfork+0x130/0x130
[  140.522230][ T3088]  ? ksys_write+0x260/0x2c0
[  140.526570][ T3088]  ? debug_smp_processor_id+0x17/0x20
[  140.531778][ T3088]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  140.537678][ T3088]  ? exit_to_user_mode_prepare+0x39/0xa0
[  140.543147][ T3088]  do_syscall_64+0x3d/0xb0
[  140.547399][ T3088]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  140.553129][ T3088] RIP: 0033:0x7faae203fda9
[  140.557386][ T3088] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  140.576921][ T3088] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
21:57:55 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x8000000, 0x0, 0x0, 0x0)

21:57:55 executing program 0:
r0 = syz_clone(0x6000000, &(0x7f0000000bc0)="987aabdf9c0fbc1ae017048a6e882044a3ad39efbea6ea7c10971ecdbaa4171d0bf848582373a05f005c7d6123ab35c305e8f43571d4c01836bc59c4bf84e0969a536b81b4b0f0047a73194b0776e126ed3152bbddd4e9c8cbcaf22061d89188c3a238ec2f1177660412aba31d814a90454ee3c6a87ef26ce03cdcba1a19dbc2dee72f67eae84e934e3589f3d1ccd2580656f719414bee6f38aa76973ac2651bcb2bde080b37be74e83942292eeb45d5e5b1fa6b734beb1a95d0c91463e3de8a6469a01b9b394226ea2f3e3280", 0xcd, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000a40)="a140a2e28c8b270ce6f11fc7bbea1076a781d6e04b9f9f3cb8ea0af65b23df246083563bfc347ca01ef32d4943559707d3e83d462d1554cda4d0cc70e6a62f79bfa4b15f20badf5feea5305c50e7c2cf13a76d3c72adc0cb00d6def57c457d049c67913d3e62eb164dba31655f847dba083e7052e248d17d85b10d11fb6d1408646936136336d3095fbafddcafc800b4de6ce1e623fdb9bbae1146fe869c6d2911d12496e77337613a779f")
syz_open_procfs$namespace(r0, &(0x7f0000000940)='ns/net\x00')
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x18)
r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000600)=@bpf_ext={0x1c, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000480)='GPL\x00', 0x3, 0x66, &(0x7f00000004c0)=""/102, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000540)={0x2, 0x5, 0x7fffffff, 0x7}, 0x10, 0x1444, r2, 0x3, &(0x7f0000000580)=[r1, r1, r1, r1, r1, r1, r1, r1], &(0x7f00000005c0)=[{0x1, 0x2, 0x10, 0x3}, {0x4, 0x1, 0xb, 0x1}, {0x2, 0x4, 0xd, 0xb}], 0x10, 0x400}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000740)={{r1, <r5=>0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)='%pS    \x00'}, 0x20)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_ro(r6, &(0x7f0000000980)='blkio.bfq.io_queued\x00', 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r5}, &(0x7f0000000340), &(0x7f0000000380)='%pI4   \x00'}, 0x20)
perf_event_open(0x0, 0x0, 0xd, r6, 0xa)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x13, 0x1, 0x9bab, 0x5, 0x208, 0xffffffffffffffff, 0x31, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x14, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x120}, [@call={0x85, 0x0, 0x0, 0x6f}, @call={0x85, 0x0, 0x0, 0x8c}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}}, @exit, @map_idx={0x18, 0x5, 0x5, 0x0, 0xc}]}, &(0x7f0000000100)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x3, 0xf, 0x8, 0x2}, 0x10, 0xffffffffffffffff, r4, 0x3, &(0x7f0000000800)=[r5, 0x1, r1, r6, r7, r1], &(0x7f0000000840)=[{0x0, 0x3, 0xa, 0x1}, {0x2, 0x5, 0xb, 0x2}, {0x5, 0x2, 0x1, 0x3}], 0x10, 0x8}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:55 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  140.585156][ T3088] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  140.592966][ T3088] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  140.600778][ T3088] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  140.608596][ T3088] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  140.616399][ T3088] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  140.624216][ T3088]  </TASK>
21:57:55 executing program 0:
r0 = syz_clone(0x6000000, &(0x7f0000000bc0)="987aabdf9c0fbc1ae017048a6e882044a3ad39efbea6ea7c10971ecdbaa4171d0bf848582373a05f005c7d6123ab35c305e8f43571d4c01836bc59c4bf84e0969a536b81b4b0f0047a73194b0776e126ed3152bbddd4e9c8cbcaf22061d89188c3a238ec2f1177660412aba31d814a90454ee3c6a87ef26ce03cdcba1a19dbc2dee72f67eae84e934e3589f3d1ccd2580656f719414bee6f38aa76973ac2651bcb2bde080b37be74e83942292eeb45d5e5b1fa6b734beb1a95d0c91463e3de8a6469a01b9b394226ea2f3e3280", 0xcd, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000a40)="a140a2e28c8b270ce6f11fc7bbea1076a781d6e04b9f9f3cb8ea0af65b23df246083563bfc347ca01ef32d4943559707d3e83d462d1554cda4d0cc70e6a62f79bfa4b15f20badf5feea5305c50e7c2cf13a76d3c72adc0cb00d6def57c457d049c67913d3e62eb164dba31655f847dba083e7052e248d17d85b10d11fb6d1408646936136336d3095fbafddcafc800b4de6ce1e623fdb9bbae1146fe869c6d2911d12496e77337613a779f")
syz_open_procfs$namespace(r0, &(0x7f0000000940)='ns/net\x00')
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x18)
r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000600)=@bpf_ext={0x1c, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000480)='GPL\x00', 0x3, 0x66, &(0x7f00000004c0)=""/102, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000540)={0x2, 0x5, 0x7fffffff, 0x7}, 0x10, 0x1444, r2, 0x3, &(0x7f0000000580)=[r1, r1, r1, r1, r1, r1, r1, r1], &(0x7f00000005c0)=[{0x1, 0x2, 0x10, 0x3}, {0x4, 0x1, 0xb, 0x1}, {0x2, 0x4, 0xd, 0xb}], 0x10, 0x400}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000740)={{r1, <r5=>0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)='%pS    \x00'}, 0x20)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_ro(r6, &(0x7f0000000980)='blkio.bfq.io_queued\x00', 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r5}, &(0x7f0000000340), &(0x7f0000000380)='%pI4   \x00'}, 0x20)
perf_event_open(0x0, 0x0, 0xd, r6, 0xa)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x13, 0x1, 0x9bab, 0x5, 0x208, 0xffffffffffffffff, 0x31, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x14, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x120}, [@call={0x85, 0x0, 0x0, 0x6f}, @call={0x85, 0x0, 0x0, 0x8c}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}}, @exit, @map_idx={0x18, 0x5, 0x5, 0x0, 0xc}]}, &(0x7f0000000100)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x3, 0xf, 0x8, 0x2}, 0x10, 0xffffffffffffffff, r4, 0x3, &(0x7f0000000800)=[r5, 0x1, r1, r6, r7, r1], &(0x7f0000000840)=[{0x0, 0x3, 0xa, 0x1}, {0x2, 0x5, 0xb, 0x2}, {0x5, 0x2, 0x1, 0x3}], 0x10, 0x8}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x6000000, &(0x7f0000000bc0)="987aabdf9c0fbc1ae017048a6e882044a3ad39efbea6ea7c10971ecdbaa4171d0bf848582373a05f005c7d6123ab35c305e8f43571d4c01836bc59c4bf84e0969a536b81b4b0f0047a73194b0776e126ed3152bbddd4e9c8cbcaf22061d89188c3a238ec2f1177660412aba31d814a90454ee3c6a87ef26ce03cdcba1a19dbc2dee72f67eae84e934e3589f3d1ccd2580656f719414bee6f38aa76973ac2651bcb2bde080b37be74e83942292eeb45d5e5b1fa6b734beb1a95d0c91463e3de8a6469a01b9b394226ea2f3e3280", 0xcd, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000a40)="a140a2e28c8b270ce6f11fc7bbea1076a781d6e04b9f9f3cb8ea0af65b23df246083563bfc347ca01ef32d4943559707d3e83d462d1554cda4d0cc70e6a62f79bfa4b15f20badf5feea5305c50e7c2cf13a76d3c72adc0cb00d6def57c457d049c67913d3e62eb164dba31655f847dba083e7052e248d17d85b10d11fb6d1408646936136336d3095fbafddcafc800b4de6ce1e623fdb9bbae1146fe869c6d2911d12496e77337613a779f") (async)
syz_open_procfs$namespace(r0, &(0x7f0000000940)='ns/net\x00') (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x18) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000600)=@bpf_ext={0x1c, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000480)='GPL\x00', 0x3, 0x66, &(0x7f00000004c0)=""/102, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000540)={0x2, 0x5, 0x7fffffff, 0x7}, 0x10, 0x1444, r2, 0x3, &(0x7f0000000580)=[r1, r1, r1, r1, r1, r1, r1, r1], &(0x7f00000005c0)=[{0x1, 0x2, 0x10, 0x3}, {0x4, 0x1, 0xb, 0x1}, {0x2, 0x4, 0xd, 0xb}], 0x10, 0x400}, 0x90) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0), &(0x7f0000000700)='%pS    \x00'}, 0x20) (async)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) (async)
openat$cgroup_ro(r6, &(0x7f0000000980)='blkio.bfq.io_queued\x00', 0x0, 0x0) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r5}, &(0x7f0000000340), &(0x7f0000000380)='%pI4   \x00'}, 0x20) (async)
perf_event_open(0x0, 0x0, 0xd, r6, 0xa) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x13, 0x1, 0x9bab, 0x5, 0x208, 0xffffffffffffffff, 0x31, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x14, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x120}, [@call={0x85, 0x0, 0x0, 0x6f}, @call={0x85, 0x0, 0x0, 0x8c}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}}, @exit, @map_idx={0x18, 0x5, 0x5, 0x0, 0xc}]}, &(0x7f0000000100)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x3, 0xf, 0x8, 0x2}, 0x10, 0xffffffffffffffff, r4, 0x3, &(0x7f0000000800)=[r5, 0x1, r1, r6, r7, r1], &(0x7f0000000840)=[{0x0, 0x3, 0xa, 0x1}, {0x2, 0x5, 0xb, 0x2}, {0x5, 0x2, 0x1, 0x3}], 0x10, 0x8}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)

21:57:55 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x9000000, 0x0, 0x0, 0x0)

21:57:55 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:55 executing program 0:
r0 = syz_clone(0x6000000, &(0x7f0000000bc0)="987aabdf9c0fbc1ae017048a6e882044a3ad39efbea6ea7c10971ecdbaa4171d0bf848582373a05f005c7d6123ab35c305e8f43571d4c01836bc59c4bf84e0969a536b81b4b0f0047a73194b0776e126ed3152bbddd4e9c8cbcaf22061d89188c3a238ec2f1177660412aba31d814a90454ee3c6a87ef26ce03cdcba1a19dbc2dee72f67eae84e934e3589f3d1ccd2580656f719414bee6f38aa76973ac2651bcb2bde080b37be74e83942292eeb45d5e5b1fa6b734beb1a95d0c91463e3de8a6469a01b9b394226ea2f3e3280", 0xcd, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000a40)="a140a2e28c8b270ce6f11fc7bbea1076a781d6e04b9f9f3cb8ea0af65b23df246083563bfc347ca01ef32d4943559707d3e83d462d1554cda4d0cc70e6a62f79bfa4b15f20badf5feea5305c50e7c2cf13a76d3c72adc0cb00d6def57c457d049c67913d3e62eb164dba31655f847dba083e7052e248d17d85b10d11fb6d1408646936136336d3095fbafddcafc800b4de6ce1e623fdb9bbae1146fe869c6d2911d12496e77337613a779f")
syz_open_procfs$namespace(r0, &(0x7f0000000940)='ns/net\x00') (async)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r3 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x18)
r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000600)=@bpf_ext={0x1c, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000480)='GPL\x00', 0x3, 0x66, &(0x7f00000004c0)=""/102, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000540)={0x2, 0x5, 0x7fffffff, 0x7}, 0x10, 0x1444, r2, 0x3, &(0x7f0000000580)=[r1, r1, r1, r1, r1, r1, r1, r1], &(0x7f00000005c0)=[{0x1, 0x2, 0x10, 0x3}, {0x4, 0x1, 0xb, 0x1}, {0x2, 0x4, 0xd, 0xb}], 0x10, 0x400}, 0x90) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000740)={{r1, <r5=>0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)='%pS    \x00'}, 0x20)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_ro(r6, &(0x7f0000000980)='blkio.bfq.io_queued\x00', 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r5}, &(0x7f0000000340), &(0x7f0000000380)='%pI4   \x00'}, 0x20) (async)
perf_event_open(0x0, 0x0, 0xd, r6, 0xa) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x13, 0x1, 0x9bab, 0x5, 0x208, 0xffffffffffffffff, 0x31, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x14, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x120}, [@call={0x85, 0x0, 0x0, 0x6f}, @call={0x85, 0x0, 0x0, 0x8c}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}}, @exit, @map_idx={0x18, 0x5, 0x5, 0x0, 0xc}]}, &(0x7f0000000100)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x3, 0xf, 0x8, 0x2}, 0x10, 0xffffffffffffffff, r4, 0x3, &(0x7f0000000800)=[r5, 0x1, r1, r6, r7, r1], &(0x7f0000000840)=[{0x0, 0x3, 0xa, 0x1}, {0x2, 0x5, 0xb, 0x2}, {0x5, 0x2, 0x1, 0x3}], 0x10, 0x8}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:55 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:55 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x10000200, 0x0, 0x0, 0x0)

21:57:55 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 69)

21:57:55 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r1, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x6, 0x2, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0], <r3=>0x0, 0x0, &(0x7f00000004c0), 0x0, 0x10, &(0x7f0000000500), &(0x7f0000000540), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000580)}}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000940), 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1c, 0x0, 0x0, 0x0, 0xa9, 0x0, 0x0, 0x0, 0x10, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000880)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, r3, r4, 0x0, &(0x7f0000000980)=[0x1, r5]}, 0x90)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000011c0)={&(0x7f00000010c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@volatile={0xd, 0x0, 0x0, 0x9, 0x4}]}, {0x0, [0x2e]}}, &(0x7f0000001100)=""/135, 0x27, 0x87, 0x0, 0x80}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001300)={0x18, 0x1b, &(0x7f0000000f80)=@framed={{0x18, 0x0, 0x0, 0x0, 0x300000, 0x0, 0x0, 0x0, 0x401}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x8001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r5}}, @initr0={0x18, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0xc5}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20}, @generic={0x5, 0xb, 0xf, 0x7, 0x1}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000001080)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x1, '\x00', r2, 0x0, r6, 0x8, &(0x7f0000001200)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000001240)={0x2, 0x0, 0x1, 0x4}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f0000001280)=[{0x2, 0x5, 0xc, 0x7}, {0x4, 0x5, 0xb, 0x6}, {0x1, 0x4, 0x7}, {0x5, 0x3, 0x0, 0x6}, {0x2, 0x3, 0xf, 0xc}, {0x3, 0x4, 0xd, 0x3}], 0x10, 0x1}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x16, 0x7, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7}, [@cb_func={0x18, 0x3, 0x4, 0x0, 0x1}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x4}]}, &(0x7f0000000200)='GPL\x00', 0x81, 0x23, &(0x7f0000000300)=""/35, 0x40f00, 0x9, '\x00', r2, 0x1f, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x3}, 0x8, 0x10, &(0x7f00000003c0)={0x2, 0x0, 0x3, 0xb7}, 0x10, 0x0, 0xffffffffffffffff, 0x2, &(0x7f0000000440)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000480)=[{0x0, 0x2, 0x9, 0x9}, {0x0, 0x1, 0x4, 0x2}], 0x10, 0x5}, 0x90)
r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x12, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r7}, {}, {0x85, 0x0, 0x0, 0x7a}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000e40)=@bpf_lsm={0x1d, 0x2c, &(0x7f0000000bc0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x86e9, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xe3d}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}, @generic={0xff, 0x4, 0x5, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x3}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0xffffffffffffffff, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x100}}, @call={0x85, 0x0, 0x0, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000740)='GPL\x00', 0x40, 0x97, &(0x7f0000000d40)=""/151, 0x41100, 0x6c, '\x00', r2, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000a80)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000ac0)={0x0, 0x2, 0x2, 0x1}, 0x10, r3, 0x0, 0x0, &(0x7f0000000e00)=[r5], 0x0, 0x10, 0x3}, 0x90)
r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1e, 0x1, 0x8, 0xcf, 0x1102, r0, 0x1ff, '\x00', r2, r8, 0x2, 0x1, 0x5}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000f00)=@base={0x15, 0x1, 0x4, 0x4, 0x100, r4, 0x7fff, '\x00', r2, 0xffffffffffffffff, 0x3, 0x2, 0x3}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r9}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x2, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0xa, 0x1, 0x0, r0}], &(0x7f0000000040)='GPL\x00', 0x3, 0xee, &(0x7f0000000180)=""/238, 0x40f00, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0xa, 0x10001, 0x1}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f00000002c0)=[{0x4, 0x5, 0xd}, {0x0, 0x3, 0x0, 0x7}, {0x3, 0x4, 0x10, 0x7}, {0x0, 0x2, 0x4, 0x7}, {0x5, 0x4, 0x9, 0x7}, {0x3, 0x4, 0xa, 0x1}], 0x10, 0x7}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
r10 = openat$cgroup(r4, &(0x7f00000004c0)='syz0\x00', 0x200002, 0x0)
r11 = openat$cgroup_ro(r10, &(0x7f0000000700)='cpuacct.stat\x00', 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000008c0)={0x1b, 0x0, 0x0, 0xc0, 0x0, r11, 0xff, '\x00', r2, r8, 0x5, 0x2, 0x1}, 0x48)

[  140.872076][ T3134] FAULT_INJECTION: forcing a failure.
[  140.872076][ T3134] name failslab, interval 1, probability 0, space 0, times 0
[  140.901441][ T3134] CPU: 0 PID: 3134 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  140.911534][ T3134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  140.921426][ T3134] Call Trace:
[  140.924547][ T3134]  <TASK>
[  140.927331][ T3134]  dump_stack_lvl+0x151/0x1b7
[  140.931838][ T3134]  ? io_uring_drop_tctx_refs+0x190/0x190
[  140.937308][ T3134]  dump_stack+0x15/0x17
[  140.941298][ T3134]  should_fail+0x3c6/0x510
[  140.945556][ T3134]  __should_failslab+0xa4/0xe0
[  140.950151][ T3134]  ? anon_vma_clone+0x9a/0x500
[  140.954749][ T3134]  should_failslab+0x9/0x20
[  140.959090][ T3134]  slab_pre_alloc_hook+0x37/0xd0
[  140.963864][ T3134]  ? anon_vma_clone+0x9a/0x500
[  140.968465][ T3134]  kmem_cache_alloc+0x44/0x200
[  140.973065][ T3134]  anon_vma_clone+0x9a/0x500
[  140.977494][ T3134]  anon_vma_fork+0x91/0x4e0
[  140.981831][ T3134]  ? anon_vma_name+0x43/0x70
[  140.986256][ T3134]  ? vm_area_dup+0x17a/0x230
[  140.990684][ T3134]  copy_mm+0xa3a/0x13e0
[  140.994677][ T3134]  ? copy_signal+0x610/0x610
[  140.999104][ T3134]  ? __init_rwsem+0xd6/0x1c0
[  141.003531][ T3134]  ? copy_signal+0x4e3/0x610
[  141.007955][ T3134]  copy_process+0x1149/0x3290
[  141.012469][ T3134]  ? proc_fail_nth_write+0x20b/0x290
[  141.017590][ T3134]  ? fsnotify_perm+0x6a/0x5d0
[  141.022107][ T3134]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  141.027051][ T3134]  ? vfs_write+0x9ec/0x1110
[  141.031392][ T3134]  kernel_clone+0x21e/0x9e0
[  141.035734][ T3134]  ? file_end_write+0x1c0/0x1c0
[  141.040418][ T3134]  ? create_io_thread+0x1e0/0x1e0
[  141.045278][ T3134]  ? mutex_unlock+0xb2/0x260
[  141.049704][ T3134]  ? __mutex_lock_slowpath+0x10/0x10
[  141.054838][ T3134]  __x64_sys_clone+0x23f/0x290
[  141.059426][ T3134]  ? __do_sys_vfork+0x130/0x130
[  141.064112][ T3134]  ? ksys_write+0x260/0x2c0
[  141.068450][ T3134]  ? debug_smp_processor_id+0x17/0x20
[  141.073657][ T3134]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  141.079560][ T3134]  ? exit_to_user_mode_prepare+0x39/0xa0
[  141.085030][ T3134]  do_syscall_64+0x3d/0xb0
[  141.089284][ T3134]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  141.095009][ T3134] RIP: 0033:0x7faae203fda9
[  141.099264][ T3134] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
21:57:56 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:56 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x1f000000, 0x0, 0x0, 0x0)

21:57:56 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  141.118702][ T3134] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  141.126949][ T3134] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  141.134758][ T3134] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  141.142575][ T3134] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  141.150381][ T3134] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  141.158192][ T3134] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  141.166007][ T3134]  </TASK>
21:57:56 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x1ffff000, 0x0, 0x0, 0x0)

21:57:56 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 70)

21:57:56 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r1, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x6, 0x2, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0], <r3=>0x0, 0x0, &(0x7f00000004c0), 0x0, 0x10, &(0x7f0000000500), &(0x7f0000000540), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000580)}}, 0x10) (async)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) (async)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000940), 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1c, 0x0, 0x0, 0x0, 0xa9, 0x0, 0x0, 0x0, 0x10, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000880)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, r3, r4, 0x0, &(0x7f0000000980)=[0x1, r5]}, 0x90) (async)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000011c0)={&(0x7f00000010c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@volatile={0xd, 0x0, 0x0, 0x9, 0x4}]}, {0x0, [0x2e]}}, &(0x7f0000001100)=""/135, 0x27, 0x87, 0x0, 0x80}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001300)={0x18, 0x1b, &(0x7f0000000f80)=@framed={{0x18, 0x0, 0x0, 0x0, 0x300000, 0x0, 0x0, 0x0, 0x401}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x8001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r5}}, @initr0={0x18, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0xc5}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20}, @generic={0x5, 0xb, 0xf, 0x7, 0x1}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000001080)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x1, '\x00', r2, 0x0, r6, 0x8, &(0x7f0000001200)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000001240)={0x2, 0x0, 0x1, 0x4}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f0000001280)=[{0x2, 0x5, 0xc, 0x7}, {0x4, 0x5, 0xb, 0x6}, {0x1, 0x4, 0x7}, {0x5, 0x3, 0x0, 0x6}, {0x2, 0x3, 0xf, 0xc}, {0x3, 0x4, 0xd, 0x3}], 0x10, 0x1}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x16, 0x7, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7}, [@cb_func={0x18, 0x3, 0x4, 0x0, 0x1}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x4}]}, &(0x7f0000000200)='GPL\x00', 0x81, 0x23, &(0x7f0000000300)=""/35, 0x40f00, 0x9, '\x00', r2, 0x1f, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x3}, 0x8, 0x10, &(0x7f00000003c0)={0x2, 0x0, 0x3, 0xb7}, 0x10, 0x0, 0xffffffffffffffff, 0x2, &(0x7f0000000440)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000480)=[{0x0, 0x2, 0x9, 0x9}, {0x0, 0x1, 0x4, 0x2}], 0x10, 0x5}, 0x90) (async)
r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x12, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r7}, {}, {0x85, 0x0, 0x0, 0x7a}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000e40)=@bpf_lsm={0x1d, 0x2c, &(0x7f0000000bc0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x86e9, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xe3d}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}, @generic={0xff, 0x4, 0x5, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x3}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0xffffffffffffffff, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x100}}, @call={0x85, 0x0, 0x0, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000740)='GPL\x00', 0x40, 0x97, &(0x7f0000000d40)=""/151, 0x41100, 0x6c, '\x00', r2, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000a80)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000ac0)={0x0, 0x2, 0x2, 0x1}, 0x10, r3, 0x0, 0x0, &(0x7f0000000e00)=[r5], 0x0, 0x10, 0x3}, 0x90)
r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1e, 0x1, 0x8, 0xcf, 0x1102, r0, 0x1ff, '\x00', r2, r8, 0x2, 0x1, 0x5}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000f00)=@base={0x15, 0x1, 0x4, 0x4, 0x100, r4, 0x7fff, '\x00', r2, 0xffffffffffffffff, 0x3, 0x2, 0x3}, 0x48) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r9}, 0x10) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x2, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0xa, 0x1, 0x0, r0}], &(0x7f0000000040)='GPL\x00', 0x3, 0xee, &(0x7f0000000180)=""/238, 0x40f00, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0xa, 0x10001, 0x1}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f00000002c0)=[{0x4, 0x5, 0xd}, {0x0, 0x3, 0x0, 0x7}, {0x3, 0x4, 0x10, 0x7}, {0x0, 0x2, 0x4, 0x7}, {0x5, 0x4, 0x9, 0x7}, {0x3, 0x4, 0xa, 0x1}], 0x10, 0x7}, 0x90) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
r10 = openat$cgroup(r4, &(0x7f00000004c0)='syz0\x00', 0x200002, 0x0)
r11 = openat$cgroup_ro(r10, &(0x7f0000000700)='cpuacct.stat\x00', 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000008c0)={0x1b, 0x0, 0x0, 0xc0, 0x0, r11, 0xff, '\x00', r2, r8, 0x5, 0x2, 0x1}, 0x48)

21:57:56 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:56 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x20000000, 0x0, 0x0, 0x0)

[  141.277194][ T3144] FAULT_INJECTION: forcing a failure.
[  141.277194][ T3144] name failslab, interval 1, probability 0, space 0, times 0
[  141.305666][ T3144] CPU: 0 PID: 3144 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  141.315741][ T3144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  141.325644][ T3144] Call Trace:
[  141.328769][ T3144]  <TASK>
[  141.331542][ T3144]  dump_stack_lvl+0x151/0x1b7
[  141.336055][ T3144]  ? io_uring_drop_tctx_refs+0x190/0x190
[  141.341525][ T3144]  dump_stack+0x15/0x17
[  141.345510][ T3144]  should_fail+0x3c6/0x510
[  141.349763][ T3144]  __should_failslab+0xa4/0xe0
[  141.354363][ T3144]  ? vm_area_dup+0x26/0x230
[  141.358705][ T3144]  should_failslab+0x9/0x20
[  141.363041][ T3144]  slab_pre_alloc_hook+0x37/0xd0
[  141.367815][ T3144]  ? vm_area_dup+0x26/0x230
[  141.372153][ T3144]  kmem_cache_alloc+0x44/0x200
[  141.376755][ T3144]  vm_area_dup+0x26/0x230
[  141.380921][ T3144]  copy_mm+0x9a1/0x13e0
[  141.384917][ T3144]  ? copy_signal+0x610/0x610
[  141.389349][ T3144]  ? __init_rwsem+0xd6/0x1c0
[  141.393765][ T3144]  ? copy_signal+0x4e3/0x610
[  141.398192][ T3144]  copy_process+0x1149/0x3290
[  141.402707][ T3144]  ? proc_fail_nth_write+0x20b/0x290
[  141.407827][ T3144]  ? fsnotify_perm+0x6a/0x5d0
[  141.412340][ T3144]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  141.417299][ T3144]  ? vfs_write+0x9ec/0x1110
[  141.421628][ T3144]  kernel_clone+0x21e/0x9e0
[  141.425967][ T3144]  ? file_end_write+0x1c0/0x1c0
[  141.430656][ T3144]  ? create_io_thread+0x1e0/0x1e0
[  141.435636][ T3144]  ? mutex_unlock+0xb2/0x260
[  141.440064][ T3144]  ? __mutex_lock_slowpath+0x10/0x10
[  141.445185][ T3144]  __x64_sys_clone+0x23f/0x290
[  141.449787][ T3144]  ? __do_sys_vfork+0x130/0x130
[  141.454469][ T3144]  ? switch_fpu_return+0x1ed/0x3d0
[  141.459419][ T3144]  ? __kasan_check_read+0x11/0x20
[  141.464284][ T3144]  ? exit_to_user_mode_prepare+0x7e/0xa0
[  141.469746][ T3144]  do_syscall_64+0x3d/0xb0
[  141.474000][ T3144]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  141.479730][ T3144] RIP: 0033:0x7faae203fda9
[  141.483982][ T3144] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  141.503424][ T3144] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  141.511669][ T3144] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  141.519480][ T3144] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
21:57:56 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r1, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)=[0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x6, 0x2, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0], <r3=>0x0, 0x0, &(0x7f00000004c0), 0x0, 0x10, &(0x7f0000000500), &(0x7f0000000540), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000580)}}, 0x10)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) (async)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000600)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000940), 0x10) (async)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000940), 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1c, 0x0, 0x0, 0x0, 0xa9, 0x0, 0x0, 0x0, 0x10, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000880)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, r3, r4, 0x0, &(0x7f0000000980)=[0x1, r5]}, 0x90)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000011c0)={&(0x7f00000010c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@volatile={0xd, 0x0, 0x0, 0x9, 0x4}]}, {0x0, [0x2e]}}, &(0x7f0000001100)=""/135, 0x27, 0x87, 0x0, 0x80}, 0x20) (async)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000011c0)={&(0x7f00000010c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@volatile={0xd, 0x0, 0x0, 0x9, 0x4}]}, {0x0, [0x2e]}}, &(0x7f0000001100)=""/135, 0x27, 0x87, 0x0, 0x80}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001300)={0x18, 0x1b, &(0x7f0000000f80)=@framed={{0x18, 0x0, 0x0, 0x0, 0x300000, 0x0, 0x0, 0x0, 0x401}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x8001}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r5}}, @initr0={0x18, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0xc5}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20}, @generic={0x5, 0xb, 0xf, 0x7, 0x1}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000001080)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x1, '\x00', r2, 0x0, r6, 0x8, &(0x7f0000001200)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000001240)={0x2, 0x0, 0x1, 0x4}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f0000001280)=[{0x2, 0x5, 0xc, 0x7}, {0x4, 0x5, 0xb, 0x6}, {0x1, 0x4, 0x7}, {0x5, 0x3, 0x0, 0x6}, {0x2, 0x3, 0xf, 0xc}, {0x3, 0x4, 0xd, 0x3}], 0x10, 0x1}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x16, 0x7, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7}, [@cb_func={0x18, 0x3, 0x4, 0x0, 0x1}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x4}]}, &(0x7f0000000200)='GPL\x00', 0x81, 0x23, &(0x7f0000000300)=""/35, 0x40f00, 0x9, '\x00', r2, 0x1f, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x3}, 0x8, 0x10, &(0x7f00000003c0)={0x2, 0x0, 0x3, 0xb7}, 0x10, 0x0, 0xffffffffffffffff, 0x2, &(0x7f0000000440)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000480)=[{0x0, 0x2, 0x9, 0x9}, {0x0, 0x1, 0x4, 0x2}], 0x10, 0x5}, 0x90)
r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x12, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r7}, {}, {0x85, 0x0, 0x0, 0x7a}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x12, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r7}, {}, {0x85, 0x0, 0x0, 0x7a}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000e40)=@bpf_lsm={0x1d, 0x2c, &(0x7f0000000bc0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x86e9, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xe3d}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}, @generic={0xff, 0x4, 0x5, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x3}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0xffffffffffffffff, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x100}}, @call={0x85, 0x0, 0x0, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000740)='GPL\x00', 0x40, 0x97, &(0x7f0000000d40)=""/151, 0x41100, 0x6c, '\x00', r2, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000a80)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000ac0)={0x0, 0x2, 0x2, 0x1}, 0x10, r3, 0x0, 0x0, &(0x7f0000000e00)=[r5], 0x0, 0x10, 0x3}, 0x90)
r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1e, 0x1, 0x8, 0xcf, 0x1102, r0, 0x1ff, '\x00', r2, r8, 0x2, 0x1, 0x5}, 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1e, 0x1, 0x8, 0xcf, 0x1102, r0, 0x1ff, '\x00', r2, r8, 0x2, 0x1, 0x5}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000f00)=@base={0x15, 0x1, 0x4, 0x4, 0x100, r4, 0x7fff, '\x00', r2, 0xffffffffffffffff, 0x3, 0x2, 0x3}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r9}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x2, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0xa, 0x1, 0x0, r0}], &(0x7f0000000040)='GPL\x00', 0x3, 0xee, &(0x7f0000000180)=""/238, 0x40f00, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0xa, 0x10001, 0x1}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f00000002c0)=[{0x4, 0x5, 0xd}, {0x0, 0x3, 0x0, 0x7}, {0x3, 0x4, 0x10, 0x7}, {0x0, 0x2, 0x4, 0x7}, {0x5, 0x4, 0x9, 0x7}, {0x3, 0x4, 0xa, 0x1}], 0x10, 0x7}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
r10 = openat$cgroup(r4, &(0x7f00000004c0)='syz0\x00', 0x200002, 0x0)
r11 = openat$cgroup_ro(r10, &(0x7f0000000700)='cpuacct.stat\x00', 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000008c0)={0x1b, 0x0, 0x0, 0xc0, 0x0, r11, 0xff, '\x00', r2, r8, 0x5, 0x2, 0x1}, 0x48) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000008c0)={0x1b, 0x0, 0x0, 0xc0, 0x0, r11, 0xff, '\x00', r2, r8, 0x5, 0x2, 0x1}, 0x48)

21:57:56 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  141.527290][ T3144] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  141.535100][ T3144] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  141.542912][ T3144] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  141.550727][ T3144]  </TASK>
21:57:56 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x8c6502a0, 0x0, 0x0, 0x0)

21:57:56 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x6, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x800}, [@alu={0x7, 0x0, 0xc, 0x5, 0x0, 0xffffffffffffffc4, 0x1}, @call={0x85, 0x0, 0x0, 0xaf}, @jmp={0x5, 0x1, 0xc, 0x7, 0x4, 0x8, 0x1}]}, &(0x7f00000000c0)='GPL\x00', 0xcb, 0xca, &(0x7f0000000180)=""/202, 0x40f00, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x5, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000280)=[r0, r0, r0, r0], &(0x7f00000002c0)=[{0x5, 0x1, 0x7, 0x1}, {0x0, 0x2, 0xa, 0x9}, {0x800, 0x2, 0xf, 0xb}], 0x10, 0x2}, 0x90)
r1 = syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs$namespace(r1, &(0x7f0000000040)='ns/ipc\x00')
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0xfe, 0xf9, 0x6, 0x3, 0x0, 0x63, 0x4010, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x401, 0x0, @perf_config_ext={0xfffffffffffffffd, 0x7}, 0x20, 0x40000000, 0x57, 0x6, 0x6, 0x5, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, r1, 0xe, 0xffffffffffffffff, 0x8)

21:57:56 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0xa002658c, 0x0, 0x0, 0x0)

21:57:56 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 71)

21:57:56 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:56 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x6, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x800}, [@alu={0x7, 0x0, 0xc, 0x5, 0x0, 0xffffffffffffffc4, 0x1}, @call={0x85, 0x0, 0x0, 0xaf}, @jmp={0x5, 0x1, 0xc, 0x7, 0x4, 0x8, 0x1}]}, &(0x7f00000000c0)='GPL\x00', 0xcb, 0xca, &(0x7f0000000180)=""/202, 0x40f00, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x5, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000280)=[r0, r0, r0, r0], &(0x7f00000002c0)=[{0x5, 0x1, 0x7, 0x1}, {0x0, 0x2, 0xa, 0x9}, {0x800, 0x2, 0xf, 0xb}], 0x10, 0x2}, 0x90) (async)
r1 = syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs$namespace(r1, &(0x7f0000000040)='ns/ipc\x00') (async, rerun: 64)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0xfe, 0xf9, 0x6, 0x3, 0x0, 0x63, 0x4010, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x401, 0x0, @perf_config_ext={0xfffffffffffffffd, 0x7}, 0x20, 0x40000000, 0x57, 0x6, 0x6, 0x5, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, r1, 0xe, 0xffffffffffffffff, 0x8) (rerun: 64)

21:57:56 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0xa002a8d8, 0x0, 0x0, 0x0)

21:57:56 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0xd8a802a0, 0x0, 0x0, 0x0)

21:57:56 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x6, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x800}, [@alu={0x7, 0x0, 0xc, 0x5, 0x0, 0xffffffffffffffc4, 0x1}, @call={0x85, 0x0, 0x0, 0xaf}, @jmp={0x5, 0x1, 0xc, 0x7, 0x4, 0x8, 0x1}]}, &(0x7f00000000c0)='GPL\x00', 0xcb, 0xca, &(0x7f0000000180)=""/202, 0x40f00, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x5, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000280)=[r0, r0, r0, r0], &(0x7f00000002c0)=[{0x5, 0x1, 0x7, 0x1}, {0x0, 0x2, 0xa, 0x9}, {0x800, 0x2, 0xf, 0xb}], 0x10, 0x2}, 0x90) (async, rerun: 64)
r1 = syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 64)
syz_open_procfs$namespace(r1, &(0x7f0000000040)='ns/ipc\x00') (async)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0xfe, 0xf9, 0x6, 0x3, 0x0, 0x63, 0x4010, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x401, 0x0, @perf_config_ext={0xfffffffffffffffd, 0x7}, 0x20, 0x40000000, 0x57, 0x6, 0x6, 0x5, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, r1, 0xe, 0xffffffffffffffff, 0x8)

21:57:56 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:56 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0xf5ffffff, 0x0, 0x0, 0x0)

[  141.810555][ T3188] FAULT_INJECTION: forcing a failure.
[  141.810555][ T3188] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  141.845105][ T3188] CPU: 1 PID: 3188 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
21:57:56 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0xfbffffff, 0x0, 0x0, 0x0)

[  141.855194][ T3188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  141.865084][ T3188] Call Trace:
[  141.868210][ T3188]  <TASK>
[  141.870987][ T3188]  dump_stack_lvl+0x151/0x1b7
[  141.875498][ T3188]  ? io_uring_drop_tctx_refs+0x190/0x190
[  141.880970][ T3188]  dump_stack+0x15/0x17
[  141.884954][ T3188]  should_fail+0x3c6/0x510
[  141.889211][ T3188]  should_fail_alloc_page+0x5a/0x80
[  141.894245][ T3188]  prepare_alloc_pages+0x15c/0x700
[  141.899190][ T3188]  ? __alloc_pages+0x8f0/0x8f0
[  141.903795][ T3188]  ? __alloc_pages_bulk+0xe40/0xe40
[  141.908822][ T3188]  ? sched_clock+0x9/0x10
[  141.912997][ T3188]  __alloc_pages+0x18c/0x8f0
[  141.917418][ T3188]  ? prep_new_page+0x110/0x110
[  141.922034][ T3188]  ? 0xffffffffa0026b98
[  141.926014][ T3188]  ? is_bpf_text_address+0x172/0x190
[  141.931133][ T3188]  pte_alloc_one+0x73/0x1b0
[  141.935467][ T3188]  ? pfn_modify_allowed+0x2f0/0x2f0
[  141.940500][ T3188]  ? arch_stack_walk+0xf3/0x140
[  141.945277][ T3188]  __pte_alloc+0x86/0x350
[  141.949448][ T3188]  ? free_pgtables+0x280/0x280
[  141.954038][ T3188]  ? _raw_spin_lock+0xa4/0x1b0
[  141.958640][ T3188]  ? __kasan_check_write+0x14/0x20
[  141.963589][ T3188]  copy_page_range+0x28a8/0x2f90
[  141.968365][ T3188]  ? __kasan_slab_alloc+0xb1/0xe0
[  141.973234][ T3188]  ? pfn_valid+0x1e0/0x1e0
[  141.977475][ T3188]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  141.983030][ T3188]  ? __rb_insert_augmented+0x5de/0x610
[  141.988325][ T3188]  copy_mm+0xc7e/0x13e0
[  141.992319][ T3188]  ? copy_signal+0x610/0x610
[  141.996741][ T3188]  ? __init_rwsem+0xd6/0x1c0
[  142.001166][ T3188]  ? copy_signal+0x4e3/0x610
[  142.005593][ T3188]  copy_process+0x1149/0x3290
[  142.010108][ T3188]  ? proc_fail_nth_write+0x20b/0x290
[  142.015233][ T3188]  ? fsnotify_perm+0x6a/0x5d0
[  142.019741][ T3188]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  142.024690][ T3188]  ? vfs_write+0x9ec/0x1110
[  142.029049][ T3188]  kernel_clone+0x21e/0x9e0
[  142.033367][ T3188]  ? file_end_write+0x1c0/0x1c0
[  142.038056][ T3188]  ? create_io_thread+0x1e0/0x1e0
[  142.043001][ T3188]  ? mutex_unlock+0xb2/0x260
[  142.047433][ T3188]  ? __mutex_lock_slowpath+0x10/0x10
[  142.052550][ T3188]  __x64_sys_clone+0x23f/0x290
[  142.057151][ T3188]  ? __do_sys_vfork+0x130/0x130
[  142.061838][ T3188]  ? ksys_write+0x260/0x2c0
[  142.066176][ T3188]  ? debug_smp_processor_id+0x17/0x20
[  142.071386][ T3188]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  142.077285][ T3188]  ? exit_to_user_mode_prepare+0x39/0xa0
[  142.082754][ T3188]  do_syscall_64+0x3d/0xb0
[  142.087006][ T3188]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  142.092733][ T3188] RIP: 0033:0x7faae203fda9
[  142.096988][ T3188] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  142.116428][ T3188] RSP: 002b:00007faae0da0078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  142.124679][ T3188] RAX: ffffffffffffffda RBX: 00007faae216e050 RCX: 00007faae203fda9
[  142.132487][ T3188] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  142.140296][ T3188] RBP: 00007faae0da0120 R08: 0000000000000000 R09: 0000000000000000
[  142.148108][ T3188] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
21:57:57 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0xfffffff5, 0x0, 0x0, 0x0)

21:57:57 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 72)

[  142.155918][ T3188] R13: 000000000000006e R14: 00007faae216e050 R15: 00007ffcc786d3b8
[  142.163735][ T3188]  </TASK>
21:57:57 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:57 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0xfffffffb, 0x0, 0x0, 0x0)

21:57:57 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  142.249766][ T3197] FAULT_INJECTION: forcing a failure.
[  142.249766][ T3197] name failslab, interval 1, probability 0, space 0, times 0
[  142.294408][ T3197] CPU: 1 PID: 3197 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  142.304517][ T3197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  142.314406][ T3197] Call Trace:
[  142.317532][ T3197]  <TASK>
[  142.320310][ T3197]  dump_stack_lvl+0x151/0x1b7
[  142.324820][ T3197]  ? io_uring_drop_tctx_refs+0x190/0x190
[  142.330300][ T3197]  dump_stack+0x15/0x17
[  142.334280][ T3197]  should_fail+0x3c6/0x510
[  142.338542][ T3197]  __should_failslab+0xa4/0xe0
[  142.343135][ T3197]  ? vm_area_dup+0x26/0x230
[  142.347472][ T3197]  should_failslab+0x9/0x20
[  142.351811][ T3197]  slab_pre_alloc_hook+0x37/0xd0
[  142.356584][ T3197]  ? vm_area_dup+0x26/0x230
[  142.360926][ T3197]  kmem_cache_alloc+0x44/0x200
[  142.365524][ T3197]  vm_area_dup+0x26/0x230
[  142.369692][ T3197]  copy_mm+0x9a1/0x13e0
[  142.373687][ T3197]  ? copy_signal+0x610/0x610
[  142.378111][ T3197]  ? __init_rwsem+0xd6/0x1c0
[  142.382537][ T3197]  ? copy_signal+0x4e3/0x610
[  142.386964][ T3197]  copy_process+0x1149/0x3290
[  142.391475][ T3197]  ? proc_fail_nth_write+0x20b/0x290
[  142.396596][ T3197]  ? fsnotify_perm+0x6a/0x5d0
[  142.401106][ T3197]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  142.406056][ T3197]  ? vfs_write+0x9ec/0x1110
[  142.410398][ T3197]  kernel_clone+0x21e/0x9e0
[  142.414734][ T3197]  ? file_end_write+0x1c0/0x1c0
[  142.419419][ T3197]  ? create_io_thread+0x1e0/0x1e0
[  142.424301][ T3197]  ? mutex_unlock+0xb2/0x260
[  142.428708][ T3197]  ? __mutex_lock_slowpath+0x10/0x10
[  142.433828][ T3197]  __x64_sys_clone+0x23f/0x290
[  142.438427][ T3197]  ? __do_sys_vfork+0x130/0x130
[  142.443113][ T3197]  ? ksys_write+0x260/0x2c0
[  142.447454][ T3197]  ? debug_smp_processor_id+0x17/0x20
[  142.452660][ T3197]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  142.458563][ T3197]  ? exit_to_user_mode_prepare+0x39/0xa0
[  142.464033][ T3197]  do_syscall_64+0x3d/0xb0
[  142.468283][ T3197]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  142.474014][ T3197] RIP: 0033:0x7faae203fda9
21:57:57 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x1b0f81f000, 0x0, 0x0, 0x0)

[  142.478265][ T3197] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  142.497706][ T3197] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  142.505950][ T3197] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  142.513765][ T3197] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  142.521573][ T3197] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  142.529383][ T3197] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  142.537197][ T3197] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
21:57:57 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x2a24b5fa5000, 0x0, 0x0, 0x0)

21:57:57 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 73)

[  142.545015][ T3197]  </TASK>
21:57:57 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  142.623293][ T3212] FAULT_INJECTION: forcing a failure.
[  142.623293][ T3212] name failslab, interval 1, probability 0, space 0, times 0
[  142.638767][ T3212] CPU: 0 PID: 3212 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  142.648855][ T3212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  142.658749][ T3212] Call Trace:
[  142.661867][ T3212]  <TASK>
[  142.664770][ T3212]  dump_stack_lvl+0x151/0x1b7
21:57:57 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x553a255ea000, 0x0, 0x0, 0x0)

[  142.669279][ T3212]  ? io_uring_drop_tctx_refs+0x190/0x190
[  142.674753][ T3212]  dump_stack+0x15/0x17
[  142.678739][ T3212]  should_fail+0x3c6/0x510
[  142.682999][ T3212]  __should_failslab+0xa4/0xe0
[  142.687592][ T3212]  ? anon_vma_clone+0x9a/0x500
[  142.692198][ T3212]  should_failslab+0x9/0x20
[  142.696534][ T3212]  slab_pre_alloc_hook+0x37/0xd0
[  142.701311][ T3212]  ? anon_vma_clone+0x9a/0x500
[  142.705905][ T3212]  kmem_cache_alloc+0x44/0x200
[  142.710507][ T3212]  anon_vma_clone+0x9a/0x500
[  142.714937][ T3212]  anon_vma_fork+0x91/0x4e0
[  142.719270][ T3212]  ? anon_vma_name+0x43/0x70
[  142.723697][ T3212]  ? vm_area_dup+0x17a/0x230
[  142.728128][ T3212]  copy_mm+0xa3a/0x13e0
[  142.732125][ T3212]  ? copy_signal+0x610/0x610
[  142.736547][ T3212]  ? __init_rwsem+0xd6/0x1c0
[  142.740977][ T3212]  ? copy_signal+0x4e3/0x610
[  142.745397][ T3212]  copy_process+0x1149/0x3290
[  142.749915][ T3212]  ? proc_fail_nth_write+0x20b/0x290
[  142.755030][ T3212]  ? fsnotify_perm+0x6a/0x5d0
[  142.759544][ T3212]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  142.764494][ T3212]  ? vfs_write+0x9ec/0x1110
[  142.768836][ T3212]  kernel_clone+0x21e/0x9e0
[  142.773174][ T3212]  ? file_end_write+0x1c0/0x1c0
[  142.777858][ T3212]  ? create_io_thread+0x1e0/0x1e0
[  142.782717][ T3212]  ? mutex_unlock+0xb2/0x260
[  142.787142][ T3212]  ? __mutex_lock_slowpath+0x10/0x10
[  142.792264][ T3212]  __x64_sys_clone+0x23f/0x290
[  142.796864][ T3212]  ? __do_sys_vfork+0x130/0x130
[  142.801554][ T3212]  ? ksys_write+0x260/0x2c0
[  142.805892][ T3212]  ? debug_smp_processor_id+0x17/0x20
[  142.811094][ T3212]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  142.817001][ T3212]  ? exit_to_user_mode_prepare+0x39/0xa0
[  142.822467][ T3212]  do_syscall_64+0x3d/0xb0
[  142.826719][ T3212]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  142.832450][ T3212] RIP: 0033:0x7faae203fda9
[  142.836710][ T3212] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  142.856146][ T3212] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  142.864402][ T3212] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
21:57:57 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@ptr={0xf, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x5f, 0x0, 0x2e]}}, &(0x7f0000000340)=""/162, 0x29, 0xa2, 0x1, 0x401}, 0x20)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000004c0)={0x9, <r4=>0x0}, 0x8)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{0xffffffffffffffff, <r5=>0xffffffffffffffff}, &(0x7f0000000500), &(0x7f0000000540)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x8000}, [@tail_call]}, &(0x7f0000000040)='GPL\x00', 0x0, 0xdd, &(0x7f0000000180)=""/221, 0x40f00, 0x40, '\x00', r2, 0x1d, r3, 0x8, &(0x7f0000000440)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000480)={0x3, 0xe, 0x7, 0x583}, 0x10, r4, r1, 0x0, &(0x7f00000005c0)=[r0, r0, r0, r0, r5], 0x0, 0x10, 0x8}, 0x90)

21:57:57 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x2001000000000, 0x0, 0x0, 0x0)

21:57:57 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 74)

21:57:57 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@ptr={0xf, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x5f, 0x0, 0x2e]}}, &(0x7f0000000340)=""/162, 0x29, 0xa2, 0x1, 0x401}, 0x20) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000004c0)={0x9, <r4=>0x0}, 0x8)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{0xffffffffffffffff, <r5=>0xffffffffffffffff}, &(0x7f0000000500), &(0x7f0000000540)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x8000}, [@tail_call]}, &(0x7f0000000040)='GPL\x00', 0x0, 0xdd, &(0x7f0000000180)=""/221, 0x40f00, 0x40, '\x00', r2, 0x1d, r3, 0x8, &(0x7f0000000440)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000480)={0x3, 0xe, 0x7, 0x583}, 0x10, r4, r1, 0x0, &(0x7f00000005c0)=[r0, r0, r0, r0, r5], 0x0, 0x10, 0x8}, 0x90)

[  142.872198][ T3212] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  142.880010][ T3212] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  142.887820][ T3212] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  142.895630][ T3212] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  142.903448][ T3212]  </TASK>
21:57:57 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  142.977260][ T3227] FAULT_INJECTION: forcing a failure.
[  142.977260][ T3227] name failslab, interval 1, probability 0, space 0, times 0
[  142.990010][ T3227] CPU: 1 PID: 3227 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  143.000080][ T3227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  143.009970][ T3227] Call Trace:
[  143.013100][ T3227]  <TASK>
[  143.015872][ T3227]  dump_stack_lvl+0x151/0x1b7
[  143.020394][ T3227]  ? io_uring_drop_tctx_refs+0x190/0x190
[  143.025853][ T3227]  ? avc_denied+0x1b0/0x1b0
[  143.030196][ T3227]  dump_stack+0x15/0x17
[  143.034187][ T3227]  should_fail+0x3c6/0x510
[  143.038440][ T3227]  __should_failslab+0xa4/0xe0
[  143.043037][ T3227]  ? vm_area_dup+0x26/0x230
[  143.047379][ T3227]  should_failslab+0x9/0x20
[  143.051717][ T3227]  slab_pre_alloc_hook+0x37/0xd0
[  143.056492][ T3227]  ? vm_area_dup+0x26/0x230
[  143.060830][ T3227]  kmem_cache_alloc+0x44/0x200
[  143.065431][ T3227]  vm_area_dup+0x26/0x230
[  143.069600][ T3227]  copy_mm+0x9a1/0x13e0
[  143.073592][ T3227]  ? copy_signal+0x610/0x610
[  143.078018][ T3227]  ? __init_rwsem+0xd6/0x1c0
[  143.082444][ T3227]  ? copy_signal+0x4e3/0x610
[  143.086870][ T3227]  copy_process+0x1149/0x3290
[  143.091383][ T3227]  ? proc_fail_nth_write+0x20b/0x290
[  143.096508][ T3227]  ? fsnotify_perm+0x6a/0x5d0
[  143.101019][ T3227]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  143.105966][ T3227]  ? vfs_write+0x9ec/0x1110
[  143.110306][ T3227]  kernel_clone+0x21e/0x9e0
[  143.114643][ T3227]  ? file_end_write+0x1c0/0x1c0
[  143.119333][ T3227]  ? create_io_thread+0x1e0/0x1e0
[  143.124190][ T3227]  ? mutex_unlock+0xb2/0x260
[  143.128622][ T3227]  ? __mutex_lock_slowpath+0x10/0x10
[  143.133737][ T3227]  __x64_sys_clone+0x23f/0x290
[  143.138339][ T3227]  ? __do_sys_vfork+0x130/0x130
[  143.143024][ T3227]  ? ksys_write+0x260/0x2c0
[  143.147366][ T3227]  ? debug_smp_processor_id+0x17/0x20
[  143.152571][ T3227]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  143.158474][ T3227]  ? exit_to_user_mode_prepare+0x39/0xa0
[  143.163944][ T3227]  do_syscall_64+0x3d/0xb0
[  143.168196][ T3227]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  143.173923][ T3227] RIP: 0033:0x7faae203fda9
[  143.178180][ T3227] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  143.197616][ T3227] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  143.205864][ T3227] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  143.213672][ T3227] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
21:57:58 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x8000000000000, 0x0, 0x0, 0x0)

21:57:58 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 75)

21:57:58 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:58 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10) (async, rerun: 64)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@ptr={0xf, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x5f, 0x0, 0x2e]}}, &(0x7f0000000340)=""/162, 0x29, 0xa2, 0x1, 0x401}, 0x20) (rerun: 64)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000004c0)={0x9, <r4=>0x0}, 0x8) (async, rerun: 64)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{0xffffffffffffffff, <r5=>0xffffffffffffffff}, &(0x7f0000000500), &(0x7f0000000540)=r1}, 0x20) (rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x8000}, [@tail_call]}, &(0x7f0000000040)='GPL\x00', 0x0, 0xdd, &(0x7f0000000180)=""/221, 0x40f00, 0x40, '\x00', r2, 0x1d, r3, 0x8, &(0x7f0000000440)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000480)={0x3, 0xe, 0x7, 0x583}, 0x10, r4, r1, 0x0, &(0x7f00000005c0)=[r0, r0, r0, r0, r5], 0x0, 0x10, 0x8}, 0x90)

[  143.221484][ T3227] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  143.229297][ T3227] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  143.237111][ T3227] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  143.244924][ T3227]  </TASK>
21:57:58 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x50fab5242a0000, 0x0, 0x0, 0x0)

[  143.293967][ T3231] FAULT_INJECTION: forcing a failure.
[  143.293967][ T3231] name failslab, interval 1, probability 0, space 0, times 0
21:57:58 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4048, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4000, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000d40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x11}, 0x90)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={r1, 0xe0, &(0x7f0000000340)={0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x6, 0x6, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r6=>0x0, 0x6c, &(0x7f0000000240)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000280), &(0x7f00000002c0), 0x8, 0xab, 0x8, 0x0, 0x0}}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x4, 0x4, 0x8}, 0x48)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="1802000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="000000000000002500000095000000000000007e43b92d7160a0bd6121bed427ff3c75fd10af2760c92e94381b8274c4b4db0b34ef892c785954102ed3a66a82a6ff8183a4db7074f7534fb34f28afdc9c2403bc50ee93a3938a46b79628fb"], &(0x7f0000000040)='GPL\x00'}, 0x80)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000bc0)=ANY=[@ANYBLOB="180806000000a5e4f8900106a836a226fc01040002000000000000000018110000727520c89152852730b71b", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca900000000000035090100000000009500000000000000b7020000000000007b8af8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbfa400000000000007040000f0ffffff74020000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000008000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000001180)={0x0, 0xb, &(0x7f00000005c0)=ANY=[@ANYRES8=r8, @ANYRES64, @ANYRES32=r3, @ANYRESOCT=r5, @ANYRES8=r0, @ANYRESOCT=r4, @ANYRESOCT=r6, @ANYRESHEX=r9], 0x0, 0x0, 0x91, &(0x7f0000000b00)=""/145, 0x41100, 0x0, '\x00', r5, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000640)=[0xffffffffffffffff, r7, 0xffffffffffffffff, 0xffffffffffffffff]}, 0x90)
r10 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r10, 0x4030582a, &(0x7f0000000040))
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x9, '\x00', r5, r10, 0x4, 0x4, 0x3}, 0x48)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x9, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x88}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3a, 0x0, 0x0, 0x0, 0x400}]}, &(0x7f0000000300)='syzkaller\x00', 0x1, 0xa, &(0x7f0000000480)=""/10, 0x40f00, 0x21, '\x00', r5, 0x0, r10, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000540)={0x1, 0xc, 0xf8000000, 0x6}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000580)=[r11, r7, r11, r9], &(0x7f0000000680)=[{0x1, 0x5, 0x7, 0xc}, {0x3, 0x5, 0x4, 0xc}, {0x1, 0x4, 0xf, 0x9}, {0x5, 0x5, 0x0, 0x6}, {0x3, 0x1, 0xb, 0x6}, {0x4, 0x0, 0x1, 0xc}], 0x10, 0x8}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r12}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  143.339988][ T3231] CPU: 0 PID: 3231 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  143.350101][ T3231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  143.359997][ T3231] Call Trace:
[  143.363121][ T3231]  <TASK>
[  143.365898][ T3231]  dump_stack_lvl+0x151/0x1b7
[  143.370412][ T3231]  ? io_uring_drop_tctx_refs+0x190/0x190
[  143.375894][ T3231]  dump_stack+0x15/0x17
[  143.379872][ T3231]  should_fail+0x3c6/0x510
[  143.384121][ T3231]  __should_failslab+0xa4/0xe0
[  143.388725][ T3231]  ? anon_vma_clone+0x9a/0x500
[  143.393322][ T3231]  should_failslab+0x9/0x20
[  143.397658][ T3231]  slab_pre_alloc_hook+0x37/0xd0
[  143.402432][ T3231]  ? anon_vma_clone+0x9a/0x500
[  143.407032][ T3231]  kmem_cache_alloc+0x44/0x200
[  143.411633][ T3231]  anon_vma_clone+0x9a/0x500
[  143.416148][ T3231]  anon_vma_fork+0x91/0x4e0
[  143.420503][ T3231]  ? anon_vma_name+0x4c/0x70
[  143.424911][ T3231]  ? vm_area_dup+0x17a/0x230
[  143.429341][ T3231]  copy_mm+0xa3a/0x13e0
[  143.433331][ T3231]  ? copy_signal+0x610/0x610
[  143.437756][ T3231]  ? __init_rwsem+0xd6/0x1c0
[  143.442182][ T3231]  ? copy_signal+0x4e3/0x610
[  143.446609][ T3231]  copy_process+0x1149/0x3290
[  143.451122][ T3231]  ? proc_fail_nth_write+0x20b/0x290
[  143.456250][ T3231]  ? fsnotify_perm+0x6a/0x5d0
[  143.460760][ T3231]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  143.465710][ T3231]  ? vfs_write+0x9ec/0x1110
[  143.470049][ T3231]  kernel_clone+0x21e/0x9e0
[  143.474388][ T3231]  ? file_end_write+0x1c0/0x1c0
[  143.479069][ T3231]  ? create_io_thread+0x1e0/0x1e0
[  143.483929][ T3231]  ? mutex_unlock+0xb2/0x260
[  143.488355][ T3231]  ? __mutex_lock_slowpath+0x10/0x10
[  143.493478][ T3231]  __x64_sys_clone+0x23f/0x290
[  143.498081][ T3231]  ? __do_sys_vfork+0x130/0x130
[  143.502892][ T3231]  ? ksys_write+0x260/0x2c0
[  143.507218][ T3231]  ? debug_smp_processor_id+0x17/0x20
[  143.512448][ T3231]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  143.518327][ T3231]  ? exit_to_user_mode_prepare+0x39/0xa0
[  143.523793][ T3231]  do_syscall_64+0x3d/0xb0
[  143.528046][ T3231]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  143.533777][ T3231] RIP: 0033:0x7faae203fda9
[  143.538033][ T3231] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  143.557468][ T3231] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  143.565713][ T3231] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  143.573527][ T3231] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  143.581336][ T3231] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
21:57:58 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:58 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 76)

[  143.589154][ T3231] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  143.597078][ T3231] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  143.604891][ T3231]  </TASK>
21:57:58 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0xa05e253a550000, 0x0, 0x0, 0x0)

[  143.695634][ T3249] FAULT_INJECTION: forcing a failure.
[  143.695634][ T3249] name failslab, interval 1, probability 0, space 0, times 0
[  143.719462][ T3249] CPU: 0 PID: 3249 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  143.729548][ T3249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  143.739446][ T3249] Call Trace:
[  143.742569][ T3249]  <TASK>
[  143.745341][ T3249]  dump_stack_lvl+0x151/0x1b7
[  143.749859][ T3249]  ? io_uring_drop_tctx_refs+0x190/0x190
[  143.755327][ T3249]  dump_stack+0x15/0x17
[  143.759313][ T3249]  should_fail+0x3c6/0x510
[  143.763571][ T3249]  __should_failslab+0xa4/0xe0
[  143.768166][ T3249]  ? anon_vma_clone+0x9a/0x500
[  143.772769][ T3249]  should_failslab+0x9/0x20
[  143.777107][ T3249]  slab_pre_alloc_hook+0x37/0xd0
[  143.781882][ T3249]  ? anon_vma_clone+0x9a/0x500
[  143.786483][ T3249]  kmem_cache_alloc+0x44/0x200
[  143.791082][ T3249]  anon_vma_clone+0x9a/0x500
[  143.795510][ T3249]  anon_vma_fork+0x91/0x4e0
[  143.799850][ T3249]  ? anon_vma_name+0x43/0x70
[  143.804362][ T3249]  ? vm_area_dup+0x17a/0x230
[  143.808785][ T3249]  copy_mm+0xa3a/0x13e0
[  143.812782][ T3249]  ? copy_signal+0x610/0x610
[  143.817210][ T3249]  ? __init_rwsem+0xd6/0x1c0
[  143.821631][ T3249]  ? copy_signal+0x4e3/0x610
[  143.826060][ T3249]  copy_process+0x1149/0x3290
[  143.830575][ T3249]  ? proc_fail_nth_write+0x20b/0x290
[  143.835781][ T3249]  ? fsnotify_perm+0x6a/0x5d0
[  143.840296][ T3249]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  143.845241][ T3249]  ? vfs_write+0x9ec/0x1110
[  143.849581][ T3249]  kernel_clone+0x21e/0x9e0
[  143.853918][ T3249]  ? file_end_write+0x1c0/0x1c0
[  143.858609][ T3249]  ? create_io_thread+0x1e0/0x1e0
[  143.863561][ T3249]  ? mutex_unlock+0xb2/0x260
[  143.867981][ T3249]  ? __mutex_lock_slowpath+0x10/0x10
[  143.873106][ T3249]  __x64_sys_clone+0x23f/0x290
[  143.877700][ T3249]  ? __do_sys_vfork+0x130/0x130
[  143.882400][ T3249]  ? ksys_write+0x260/0x2c0
[  143.886848][ T3249]  ? debug_smp_processor_id+0x17/0x20
21:57:58 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0xf0810f1b000000, 0x0, 0x0, 0x0)

[  143.892057][ T3249]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  143.897961][ T3249]  ? exit_to_user_mode_prepare+0x39/0xa0
[  143.903426][ T3249]  do_syscall_64+0x3d/0xb0
[  143.907679][ T3249]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  143.913409][ T3249] RIP: 0033:0x7faae203fda9
[  143.917663][ T3249] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  143.937105][ T3249] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
21:57:58 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r0 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4048, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4000, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) (async, rerun: 64)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000d40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x11}, 0x90) (rerun: 64)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={r1, 0xe0, &(0x7f0000000340)={0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x6, 0x6, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r6=>0x0, 0x6c, &(0x7f0000000240)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000280), &(0x7f00000002c0), 0x8, 0xab, 0x8, 0x0, 0x0}}, 0x10) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x4, 0x4, 0x8}, 0x48)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="1802000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="000000000000002500000095000000000000007e43b92d7160a0bd6121bed427ff3c75fd10af2760c92e94381b8274c4b4db0b34ef892c785954102ed3a66a82a6ff8183a4db7074f7534fb34f28afdc9c2403bc50ee93a3938a46b79628fb"], &(0x7f0000000040)='GPL\x00'}, 0x80) (async, rerun: 64)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000bc0)=ANY=[@ANYBLOB="180806000000a5e4f8900106a836a226fc01040002000000000000000018110000727520c89152852730b71b", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca900000000000035090100000000009500000000000000b7020000000000007b8af8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbfa400000000000007040000f0ffffff74020000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000008000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000001180)={0x0, 0xb, &(0x7f00000005c0)=ANY=[@ANYRES8=r8, @ANYRES64, @ANYRES32=r3, @ANYRESOCT=r5, @ANYRES8=r0, @ANYRESOCT=r4, @ANYRESOCT=r6, @ANYRESHEX=r9], 0x0, 0x0, 0x91, &(0x7f0000000b00)=""/145, 0x41100, 0x0, '\x00', r5, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000640)=[0xffffffffffffffff, r7, 0xffffffffffffffff, 0xffffffffffffffff]}, 0x90) (async)
r10 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r10, 0x4030582a, &(0x7f0000000040))
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x9, '\x00', r5, r10, 0x4, 0x4, 0x3}, 0x48)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x9, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x88}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3a, 0x0, 0x0, 0x0, 0x400}]}, &(0x7f0000000300)='syzkaller\x00', 0x1, 0xa, &(0x7f0000000480)=""/10, 0x40f00, 0x21, '\x00', r5, 0x0, r10, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000540)={0x1, 0xc, 0xf8000000, 0x6}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000580)=[r11, r7, r11, r9], &(0x7f0000000680)=[{0x1, 0x5, 0x7, 0xc}, {0x3, 0x5, 0x4, 0xc}, {0x1, 0x4, 0xf, 0x9}, {0x5, 0x5, 0x0, 0x6}, {0x3, 0x1, 0xb, 0x6}, {0x4, 0x0, 0x1, 0xc}], 0x10, 0x8}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r12}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  143.945351][ T3249] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  143.953276][ T3249] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  143.961088][ T3249] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  143.968897][ T3249] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  143.976710][ T3249] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  143.984525][ T3249]  </TASK>
21:57:58 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(0xffffffffffffffff)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:58 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 77)

21:57:58 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:58 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0xf0ff1f00000000, 0x0, 0x0, 0x0)

21:57:58 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(0xffffffffffffffff)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  144.082083][ T3265] FAULT_INJECTION: forcing a failure.
[  144.082083][ T3265] name failslab, interval 1, probability 0, space 0, times 0
[  144.141167][ T3265] CPU: 0 PID: 3265 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  144.151347][ T3265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  144.161246][ T3265] Call Trace:
[  144.164364][ T3265]  <TASK>
[  144.167140][ T3265]  dump_stack_lvl+0x151/0x1b7
[  144.171657][ T3265]  ? io_uring_drop_tctx_refs+0x190/0x190
[  144.177127][ T3265]  dump_stack+0x15/0x17
[  144.181120][ T3265]  should_fail+0x3c6/0x510
[  144.185371][ T3265]  __should_failslab+0xa4/0xe0
21:57:59 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4048, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4000, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000d40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x11}, 0x90)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={r1, 0xe0, &(0x7f0000000340)={0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x6, 0x6, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r6=>0x0, 0x6c, &(0x7f0000000240)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000280), &(0x7f00000002c0), 0x8, 0xab, 0x8, 0x0, 0x0}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x4, 0x4, 0x8}, 0x48) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x4, 0x4, 0x8}, 0x48)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="1802000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="000000000000002500000095000000000000007e43b92d7160a0bd6121bed427ff3c75fd10af2760c92e94381b8274c4b4db0b34ef892c785954102ed3a66a82a6ff8183a4db7074f7534fb34f28afdc9c2403bc50ee93a3938a46b79628fb"], &(0x7f0000000040)='GPL\x00'}, 0x80)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000bc0)=ANY=[@ANYBLOB="180806000000a5e4f8900106a836a226fc01040002000000000000000018110000727520c89152852730b71b", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca900000000000035090100000000009500000000000000b7020000000000007b8af8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbfa400000000000007040000f0ffffff74020000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000008000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000001180)={0x0, 0xb, &(0x7f00000005c0)=ANY=[@ANYRES8=r8, @ANYRES64, @ANYRES32=r3, @ANYRESOCT=r5, @ANYRES8=r0, @ANYRESOCT=r4, @ANYRESOCT=r6, @ANYRESHEX=r9], 0x0, 0x0, 0x91, &(0x7f0000000b00)=""/145, 0x41100, 0x0, '\x00', r5, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000640)=[0xffffffffffffffff, r7, 0xffffffffffffffff, 0xffffffffffffffff]}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) (async)
r10 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r10, 0x4030582a, &(0x7f0000000040)) (async)
ioctl$PERF_EVENT_IOC_PERIOD(r10, 0x4030582a, &(0x7f0000000040))
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x9, '\x00', r5, r10, 0x4, 0x4, 0x3}, 0x48) (async)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x9, '\x00', r5, r10, 0x4, 0x4, 0x3}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x9, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x88}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3a, 0x0, 0x0, 0x0, 0x400}]}, &(0x7f0000000300)='syzkaller\x00', 0x1, 0xa, &(0x7f0000000480)=""/10, 0x40f00, 0x21, '\x00', r5, 0x0, r10, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000540)={0x1, 0xc, 0xf8000000, 0x6}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000580)=[r11, r7, r11, r9], &(0x7f0000000680)=[{0x1, 0x5, 0x7, 0xc}, {0x3, 0x5, 0x4, 0xc}, {0x1, 0x4, 0xf, 0x9}, {0x5, 0x5, 0x0, 0x6}, {0x3, 0x1, 0xb, 0x6}, {0x4, 0x0, 0x1, 0xc}], 0x10, 0x8}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r12}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  144.189971][ T3265]  ? anon_vma_fork+0x1df/0x4e0
[  144.194568][ T3265]  should_failslab+0x9/0x20
[  144.198914][ T3265]  slab_pre_alloc_hook+0x37/0xd0
[  144.203680][ T3265]  ? anon_vma_fork+0x1df/0x4e0
[  144.208283][ T3265]  kmem_cache_alloc+0x44/0x200
[  144.212882][ T3265]  anon_vma_fork+0x1df/0x4e0
[  144.217309][ T3265]  copy_mm+0xa3a/0x13e0
[  144.221301][ T3265]  ? copy_signal+0x610/0x610
[  144.225728][ T3265]  ? __init_rwsem+0xd6/0x1c0
[  144.230155][ T3265]  ? copy_signal+0x4e3/0x610
[  144.234581][ T3265]  copy_process+0x1149/0x3290
[  144.239093][ T3265]  ? proc_fail_nth_write+0x20b/0x290
[  144.244215][ T3265]  ? fsnotify_perm+0x6a/0x5d0
[  144.248729][ T3265]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  144.253677][ T3265]  ? vfs_write+0x9ec/0x1110
[  144.258018][ T3265]  kernel_clone+0x21e/0x9e0
[  144.262355][ T3265]  ? file_end_write+0x1c0/0x1c0
[  144.267046][ T3265]  ? create_io_thread+0x1e0/0x1e0
[  144.271896][ T3265]  ? mutex_unlock+0xb2/0x260
[  144.276329][ T3265]  ? __mutex_lock_slowpath+0x10/0x10
[  144.281449][ T3265]  __x64_sys_clone+0x23f/0x290
[  144.286056][ T3265]  ? __do_sys_vfork+0x130/0x130
[  144.290734][ T3265]  ? ksys_write+0x260/0x2c0
[  144.295073][ T3265]  ? debug_smp_processor_id+0x17/0x20
[  144.300280][ T3265]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  144.306186][ T3265]  ? exit_to_user_mode_prepare+0x39/0xa0
[  144.311656][ T3265]  do_syscall_64+0x3d/0xb0
[  144.315907][ T3265]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  144.321633][ T3265] RIP: 0033:0x7faae203fda9
[  144.325894][ T3265] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  144.345461][ T3265] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  144.353701][ T3265] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  144.361700][ T3265] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  144.369509][ T3265] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  144.377318][ T3265] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
21:57:59 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x100000000000000, 0x0, 0x0, 0x0)

21:57:59 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 78)

[  144.385131][ T3265] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  144.392946][ T3265]  </TASK>
21:57:59 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x200000000000000, 0x0, 0x0, 0x0)

[  144.459461][ T3281] FAULT_INJECTION: forcing a failure.
[  144.459461][ T3281] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  144.476051][ T3281] CPU: 0 PID: 3281 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  144.486123][ T3281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  144.496104][ T3281] Call Trace:
[  144.499227][ T3281]  <TASK>
[  144.502004][ T3281]  dump_stack_lvl+0x151/0x1b7
[  144.506518][ T3281]  ? io_uring_drop_tctx_refs+0x190/0x190
[  144.511984][ T3281]  dump_stack+0x15/0x17
[  144.515986][ T3281]  should_fail+0x3c6/0x510
[  144.520231][ T3281]  should_fail_alloc_page+0x5a/0x80
[  144.525265][ T3281]  prepare_alloc_pages+0x15c/0x700
[  144.530215][ T3281]  ? __alloc_pages_bulk+0xe40/0xe40
[  144.535244][ T3281]  __alloc_pages+0x18c/0x8f0
[  144.539670][ T3281]  ? prep_new_page+0x110/0x110
[  144.544270][ T3281]  ? stack_trace_save+0x1c0/0x1c0
[  144.549128][ T3281]  ? __kernel_text_address+0x9b/0x110
[  144.554335][ T3281]  pte_alloc_one+0x73/0x1b0
[  144.558678][ T3281]  ? pfn_modify_allowed+0x2f0/0x2f0
[  144.563709][ T3281]  __pte_alloc+0x86/0x350
[  144.567875][ T3281]  ? free_pgtables+0x280/0x280
[  144.572474][ T3281]  ? __stack_depot_save+0x34/0x470
[  144.577421][ T3281]  ? anon_vma_clone+0x9a/0x500
[  144.582031][ T3281]  copy_page_range+0x28a8/0x2f90
[  144.586796][ T3281]  ? __kasan_slab_alloc+0xb1/0xe0
[  144.591655][ T3281]  ? slab_post_alloc_hook+0x53/0x2c0
[  144.596777][ T3281]  ? kernel_clone+0x21e/0x9e0
[  144.601292][ T3281]  ? do_syscall_64+0x3d/0xb0
[  144.605716][ T3281]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  144.611629][ T3281]  ? pfn_valid+0x1e0/0x1e0
[  144.615874][ T3281]  ? rwsem_write_trylock+0x15b/0x290
[  144.620993][ T3281]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  144.627241][ T3281]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  144.632798][ T3281]  ? __rb_insert_augmented+0x5de/0x610
[  144.638093][ T3281]  copy_mm+0xc7e/0x13e0
[  144.642088][ T3281]  ? copy_signal+0x610/0x610
[  144.646513][ T3281]  ? __init_rwsem+0xd6/0x1c0
[  144.650935][ T3281]  ? copy_signal+0x4e3/0x610
[  144.655365][ T3281]  copy_process+0x1149/0x3290
[  144.659877][ T3281]  ? proc_fail_nth_write+0x20b/0x290
[  144.664999][ T3281]  ? fsnotify_perm+0x6a/0x5d0
[  144.669513][ T3281]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  144.674458][ T3281]  ? vfs_write+0x9ec/0x1110
[  144.678796][ T3281]  kernel_clone+0x21e/0x9e0
[  144.683134][ T3281]  ? file_end_write+0x1c0/0x1c0
[  144.687824][ T3281]  ? create_io_thread+0x1e0/0x1e0
[  144.692682][ T3281]  ? mutex_unlock+0xb2/0x260
[  144.697113][ T3281]  ? __mutex_lock_slowpath+0x10/0x10
[  144.702230][ T3281]  __x64_sys_clone+0x23f/0x290
[  144.706831][ T3281]  ? __do_sys_vfork+0x130/0x130
[  144.711515][ T3281]  ? ksys_write+0x260/0x2c0
[  144.715858][ T3281]  ? debug_smp_processor_id+0x17/0x20
[  144.721065][ T3281]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  144.727104][ T3281]  ? exit_to_user_mode_prepare+0x39/0xa0
[  144.732568][ T3281]  do_syscall_64+0x3d/0xb0
[  144.736823][ T3281]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  144.742555][ T3281] RIP: 0033:0x7faae203fda9
[  144.746814][ T3281] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  144.766247][ T3281] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  144.774493][ T3281] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  144.782304][ T3281] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  144.790113][ T3281] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  144.797939][ T3281] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  144.805747][ T3281] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
21:57:59 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 79)

21:57:59 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(0xffffffffffffffff)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:59 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xc, 0x0, 0x0, 0x0, '\x00', 0x0, 0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  144.813554][ T3281]  </TASK>
21:57:59 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x700000000000000, 0x0, 0x0, 0x0)

21:57:59 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  144.881656][ T3290] FAULT_INJECTION: forcing a failure.
[  144.881656][ T3290] name failslab, interval 1, probability 0, space 0, times 0
[  144.914578][ T3290] CPU: 0 PID: 3290 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  144.924669][ T3290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  144.934569][ T3290] Call Trace:
[  144.937689][ T3290]  <TASK>
[  144.940464][ T3290]  dump_stack_lvl+0x151/0x1b7
[  144.944978][ T3290]  ? io_uring_drop_tctx_refs+0x190/0x190
[  144.950449][ T3290]  ? avc_denied+0x1b0/0x1b0
[  144.954786][ T3290]  dump_stack+0x15/0x17
[  144.958777][ T3290]  should_fail+0x3c6/0x510
[  144.963031][ T3290]  __should_failslab+0xa4/0xe0
[  144.967630][ T3290]  ? vm_area_dup+0x26/0x230
[  144.971969][ T3290]  should_failslab+0x9/0x20
[  144.976315][ T3290]  slab_pre_alloc_hook+0x37/0xd0
21:57:59 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:57:59 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x800000000000000, 0x0, 0x0, 0x0)

[  144.981090][ T3290]  ? vm_area_dup+0x26/0x230
[  144.985424][ T3290]  kmem_cache_alloc+0x44/0x200
[  144.990025][ T3290]  vm_area_dup+0x26/0x230
[  144.994193][ T3290]  copy_mm+0x9a1/0x13e0
[  144.998189][ T3290]  ? copy_signal+0x610/0x610
[  145.002611][ T3290]  ? __init_rwsem+0xd6/0x1c0
[  145.007037][ T3290]  ? copy_signal+0x4e3/0x610
[  145.011462][ T3290]  copy_process+0x1149/0x3290
[  145.015981][ T3290]  ? proc_fail_nth_write+0x20b/0x290
[  145.021097][ T3290]  ? fsnotify_perm+0x6a/0x5d0
[  145.025610][ T3290]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  145.030555][ T3290]  ? vfs_write+0x9ec/0x1110
[  145.034896][ T3290]  kernel_clone+0x21e/0x9e0
[  145.039233][ T3290]  ? file_end_write+0x1c0/0x1c0
[  145.043918][ T3290]  ? create_io_thread+0x1e0/0x1e0
[  145.048778][ T3290]  ? mutex_unlock+0xb2/0x260
[  145.053209][ T3290]  ? __mutex_lock_slowpath+0x10/0x10
[  145.058327][ T3290]  __x64_sys_clone+0x23f/0x290
[  145.062925][ T3290]  ? __do_sys_vfork+0x130/0x130
[  145.067613][ T3290]  ? ksys_write+0x260/0x2c0
[  145.071956][ T3290]  ? debug_smp_processor_id+0x17/0x20
[  145.077163][ T3290]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  145.083063][ T3290]  ? exit_to_user_mode_prepare+0x39/0xa0
[  145.088529][ T3290]  do_syscall_64+0x3d/0xb0
[  145.092782][ T3290]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  145.098509][ T3290] RIP: 0033:0x7faae203fda9
[  145.102763][ T3290] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  145.122205][ T3290] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
21:58:00 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xc, 0x0, 0x0, 0x0, '\x00', 0x0, 0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:00 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 80)

[  145.130448][ T3290] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  145.138259][ T3290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  145.146074][ T3290] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  145.153882][ T3290] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  145.161695][ T3290] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  145.169508][ T3290]  </TASK>
21:58:00 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x900000000000000, 0x0, 0x0, 0x0)

[  145.223462][ T3308] FAULT_INJECTION: forcing a failure.
[  145.223462][ T3308] name failslab, interval 1, probability 0, space 0, times 0
[  145.246235][ T3308] CPU: 0 PID: 3308 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  145.256314][ T3308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  145.266210][ T3308] Call Trace:
[  145.269332][ T3308]  <TASK>
[  145.272109][ T3308]  dump_stack_lvl+0x151/0x1b7
[  145.276620][ T3308]  ? io_uring_drop_tctx_refs+0x190/0x190
[  145.282090][ T3308]  dump_stack+0x15/0x17
[  145.286081][ T3308]  should_fail+0x3c6/0x510
[  145.290333][ T3308]  __should_failslab+0xa4/0xe0
[  145.294936][ T3308]  ? anon_vma_clone+0x9a/0x500
[  145.299537][ T3308]  should_failslab+0x9/0x20
[  145.303872][ T3308]  slab_pre_alloc_hook+0x37/0xd0
[  145.308646][ T3308]  ? anon_vma_clone+0x9a/0x500
[  145.313244][ T3308]  kmem_cache_alloc+0x44/0x200
[  145.317846][ T3308]  anon_vma_clone+0x9a/0x500
[  145.322273][ T3308]  anon_vma_fork+0x91/0x4e0
[  145.326610][ T3308]  ? anon_vma_name+0x43/0x70
[  145.331039][ T3308]  ? vm_area_dup+0x17a/0x230
[  145.335464][ T3308]  copy_mm+0xa3a/0x13e0
[  145.339461][ T3308]  ? copy_signal+0x610/0x610
[  145.343882][ T3308]  ? __init_rwsem+0xd6/0x1c0
[  145.348309][ T3308]  ? copy_signal+0x4e3/0x610
[  145.352735][ T3308]  copy_process+0x1149/0x3290
[  145.357251][ T3308]  ? proc_fail_nth_write+0x20b/0x290
[  145.362370][ T3308]  ? fsnotify_perm+0x6a/0x5d0
[  145.366884][ T3308]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  145.371833][ T3308]  ? vfs_write+0x9ec/0x1110
[  145.376171][ T3308]  kernel_clone+0x21e/0x9e0
[  145.380514][ T3308]  ? file_end_write+0x1c0/0x1c0
[  145.385197][ T3308]  ? create_io_thread+0x1e0/0x1e0
[  145.390060][ T3308]  ? mutex_unlock+0xb2/0x260
[  145.394499][ T3308]  ? __mutex_lock_slowpath+0x10/0x10
[  145.399606][ T3308]  __x64_sys_clone+0x23f/0x290
[  145.404206][ T3308]  ? __do_sys_vfork+0x130/0x130
[  145.408890][ T3308]  ? ksys_write+0x260/0x2c0
[  145.413235][ T3308]  ? debug_smp_processor_id+0x17/0x20
[  145.418441][ T3308]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  145.424340][ T3308]  ? exit_to_user_mode_prepare+0x39/0xa0
[  145.429810][ T3308]  do_syscall_64+0x3d/0xb0
[  145.434066][ T3308]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  145.439797][ T3308] RIP: 0033:0x7faae203fda9
[  145.444047][ T3308] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  145.463488][ T3308] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
21:58:00 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xc, 0x0, 0x0, 0x0, '\x00', 0x0, 0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xc, 0x0, 0x0, 0x0, '\x00', 0x0, 0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)

21:58:00 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:00 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x1f00000000000000, 0x0, 0x0, 0x0)

[  145.471818][ T3308] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  145.479627][ T3308] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  145.487437][ T3308] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  145.495248][ T3308] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  145.503068][ T3308] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  145.510885][ T3308]  </TASK>
21:58:00 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0)

21:58:00 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_clone(0x31000100, &(0x7f0000000200)="30b1905fa6b9259e86b1754595f83c82daf1d609cbc138175aa817b20baac0408065857f1f7d162681aa064c6e6a7ba2b6867ec90640fee5c507023fa2c8dc3d2f6727bd8931c925add7006f94d40cf8a746b144ec42d31e5c6511f426f9", 0x5e, &(0x7f0000000100), &(0x7f0000000280), &(0x7f00000002c0)="02faea6110e2b0056cd080cab99e0a8ea08b6e04f0a1250481cf8a8eec485f3e6ac4792a2934957e6c2dce7456f98cec864ee955a38c49fed7a65c02e8cbe07dc18a4b609eacb16439fbe887aeac318cf59ea6cc1e58262b6e6248100e000a47ca8bbe6988fae2a1ef9e871cffc480c7c886d336e4319019cfa791d2af72fcebf980d08e3a8e65663112d807c9d967854e59074967039de207f64b19c0e2a5ef75c48fa272c010ceb54264d525319268a6edfe0958ab5f8038cffb85efafc92523a065051d46bbbd2f2e81f946e2d2e4012a46293ccd1dacbcff8fea6a1c17849f132bddd56692bc48c92c0bb9d8f62b7a495ec0dfe150093f")
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x5, 0x7, 0x3, 0x7, 0x0, 0x7, 0x80002, 0x8, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000040), 0x2}, 0x208, 0x1, 0x818d, 0x7, 0x9, 0x27, 0x1, 0x0, 0x2, 0x0, 0x8}, r2, 0x7, r1, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.empty_time\x00', 0x0, 0x0)

21:58:00 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_clone(0x31000100, &(0x7f0000000200)="30b1905fa6b9259e86b1754595f83c82daf1d609cbc138175aa817b20baac0408065857f1f7d162681aa064c6e6a7ba2b6867ec90640fee5c507023fa2c8dc3d2f6727bd8931c925add7006f94d40cf8a746b144ec42d31e5c6511f426f9", 0x5e, &(0x7f0000000100), &(0x7f0000000280), &(0x7f00000002c0)="02faea6110e2b0056cd080cab99e0a8ea08b6e04f0a1250481cf8a8eec485f3e6ac4792a2934957e6c2dce7456f98cec864ee955a38c49fed7a65c02e8cbe07dc18a4b609eacb16439fbe887aeac318cf59ea6cc1e58262b6e6248100e000a47ca8bbe6988fae2a1ef9e871cffc480c7c886d336e4319019cfa791d2af72fcebf980d08e3a8e65663112d807c9d967854e59074967039de207f64b19c0e2a5ef75c48fa272c010ceb54264d525319268a6edfe0958ab5f8038cffb85efafc92523a065051d46bbbd2f2e81f946e2d2e4012a46293ccd1dacbcff8fea6a1c17849f132bddd56692bc48c92c0bb9d8f62b7a495ec0dfe150093f")
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x5, 0x7, 0x3, 0x7, 0x0, 0x7, 0x80002, 0x8, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000040), 0x2}, 0x208, 0x1, 0x818d, 0x7, 0x9, 0x27, 0x1, 0x0, 0x2, 0x0, 0x8}, r2, 0x7, r1, 0x0) (async)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x5, 0x7, 0x3, 0x7, 0x0, 0x7, 0x80002, 0x8, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000040), 0x2}, 0x208, 0x1, 0x818d, 0x7, 0x9, 0x27, 0x1, 0x0, 0x2, 0x0, 0x8}, r2, 0x7, r1, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.empty_time\x00', 0x0, 0x0) (async)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.empty_time\x00', 0x0, 0x0)

21:58:00 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x8c6502a0ffffffff, 0x0, 0x0, 0x0)

21:58:00 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:00 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0xd8a802a0ffffffff, 0x0, 0x0, 0x0)

21:58:00 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r2 = syz_clone(0x31000100, &(0x7f0000000200)="30b1905fa6b9259e86b1754595f83c82daf1d609cbc138175aa817b20baac0408065857f1f7d162681aa064c6e6a7ba2b6867ec90640fee5c507023fa2c8dc3d2f6727bd8931c925add7006f94d40cf8a746b144ec42d31e5c6511f426f9", 0x5e, &(0x7f0000000100), &(0x7f0000000280), &(0x7f00000002c0)="02faea6110e2b0056cd080cab99e0a8ea08b6e04f0a1250481cf8a8eec485f3e6ac4792a2934957e6c2dce7456f98cec864ee955a38c49fed7a65c02e8cbe07dc18a4b609eacb16439fbe887aeac318cf59ea6cc1e58262b6e6248100e000a47ca8bbe6988fae2a1ef9e871cffc480c7c886d336e4319019cfa791d2af72fcebf980d08e3a8e65663112d807c9d967854e59074967039de207f64b19c0e2a5ef75c48fa272c010ceb54264d525319268a6edfe0958ab5f8038cffb85efafc92523a065051d46bbbd2f2e81f946e2d2e4012a46293ccd1dacbcff8fea6a1c17849f132bddd56692bc48c92c0bb9d8f62b7a495ec0dfe150093f")
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x5, 0x7, 0x3, 0x7, 0x0, 0x7, 0x80002, 0x8, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000040), 0x2}, 0x208, 0x1, 0x818d, 0x7, 0x9, 0x27, 0x1, 0x0, 0x2, 0x0, 0x8}, r2, 0x7, r1, 0x0) (async)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.empty_time\x00', 0x0, 0x0)

21:58:00 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:00 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 81)

21:58:00 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0xf5ffffff00000000, 0x0, 0x0, 0x0)

21:58:00 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  145.807265][ T3344] FAULT_INJECTION: forcing a failure.
[  145.807265][ T3344] name failslab, interval 1, probability 0, space 0, times 0
[  145.853846][ T3344] CPU: 0 PID: 3344 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  145.863939][ T3344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  145.873840][ T3344] Call Trace:
[  145.876962][ T3344]  <TASK>
[  145.879737][ T3344]  dump_stack_lvl+0x151/0x1b7
[  145.884248][ T3344]  ? io_uring_drop_tctx_refs+0x190/0x190
[  145.889718][ T3344]  ? avc_denied+0x1b0/0x1b0
[  145.894058][ T3344]  dump_stack+0x15/0x17
[  145.898047][ T3344]  should_fail+0x3c6/0x510
21:58:00 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{0xffffffffffffffff, <r1=>0xffffffffffffffff}, &(0x7f0000000680), &(0x7f0000000780)}, 0x20)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r2, <r3=>r2}, &(0x7f0000000300), &(0x7f0000000340)='%-010d \x00'}, 0x1c)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x0, 0x0)
r5 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x20000, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52c61100, 0x4, @perf_bp={&(0x7f0000000040), 0x2}, 0x0, 0x8005, 0x800, 0x0, 0x686}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x4004662b, &(0x7f00000005c0)=0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0xd, 0xc7b8e7b5fa007d6, &(0x7f0000001380)=ANY=[@ANYRES8=r6, @ANYRES32, @ANYBLOB="000000000100000085000000790000003104bcff100000008c8489000000ac6d67b0d25f10330bff74f313b7ea980097721ef2d531c4f19939f8847322fce96b49e70fe090ec6d0dd2a960a6dc1050333e4d0dc1faa18376e229c97c8c611a5ec9e19d0fc9fec8ce24b3f6b3c5ef4be6088e9bb1a322ec3599de00ed50944781b2b6aa7c78a08c49d40d7c9a2bafb07c7bb735a7d69b02000000007210d1484d98c9387a8207a16f253e78e5ee38a2ef364494d7b713b3ed1d4668ff5a908e2e8ff30bdc29c60d068e5b56e07a84644b0cde3d4443d9f1d5101c464ea774b8ff84d87313b429ccd09ef8b359ea1e1a1e501156aafeffffff412b9ec9ebbea7420ff9d4ef0a7f87a93b120693bda0816ed18045867bd8bc2cdb14191e66391cf612b05a24a5a038ab80a0d9c8173f0849f7e955e77b1bf0058ad0d4d26cc7a0bb9bc0535e948fa3fcda3069edb84f38a9954c00f0a5440799e5443302630fa6d1506fad019771018288faecca31539f7ae6f8120451fc3d5369d952b0898221fbd547430fc1bcf3066f3bb11e51a44916690ed027c76bda415ce098257362cc8803a3d3404ce75a7502472f1c5526d472a2335a4270e4858f5a4a4cab4ffde7c8a076a732a367c22255e6ec3630086635aa68d53c2d8ce739bd1892b167ebacb3eeeba2c1cdb1a3246b77390200000000000043cf835b3ae16e618c869675d6bffc164e14ffaff3c60f4d5923e226fc4e7fd8a88ed8ed53d0fbf11c3ef414436e4277d969cb5517b6b89a0173778e39a80e3ce72be6f9ce0b2bfb6fc74b9cc98ccd12e064cb219dc78b4c558bfaf4e15fac6618c9d1be8fbd816dc81d81a5fd7c60a6b627d3a30800000030e3ee528f6e85ca80702fcab95794c8639655343fe15049ebd32d584bc20db8ab6413696b51f22f8caf39f91fc136c0660764eced60ce1b187cda5253fe556aeef1111865c628bd517a96f9e7a7ea5ecbdba5af851435c1cec21f3cbf9f4d46759800000000000000", @ANYRES8=0x0, @ANYRES32=r5], &(0x7f0000000500)='GPL\x00', 0x3, 0xde, &(0x7f00000007c0)=""/222, 0x41100, 0x51, '\x00', 0x0, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x6}, 0x8, 0x10, &(0x7f0000000580)={0x3, 0x6, 0x6, 0xd}, 0x10, 0xffffffffffffffff, r7, 0x0, &(0x7f0000000b80)=[0xffffffffffffffff, 0xffffffffffffffff, r7, 0xffffffffffffffff, 0xffffffffffffffff, r3, 0xffffffffffffffff, r4, r4]}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x1, 0xf, &(0x7f0000000800)=@raw=[@ringbuf_query, @map_val={0x18, 0x9, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x5}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x3}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @call={0x85, 0x0, 0x0, 0x4d}, @exit], &(0x7f0000000880)='syzkaller\x00', 0x7f, 0x14, &(0x7f00000008c0)=""/20, 0x41000, 0x0, '\x00', 0x0, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000000940)={0x4, 0xe, 0x2, 0x4}, 0x10, 0xffffffffffffffff, r4, 0x3, &(0x7f0000000980)=[r0, r0, r0, r0], &(0x7f0000000a40)=[{0x0, 0x5, 0x3, 0x4}, {0x5, 0x3, 0x3, 0x9}, {0x2, 0x5, 0x0, 0x1}], 0x10, 0x6}, 0x90)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1, <r9=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)=r8}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{0xffffffffffffffff, <r10=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)=r8}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000003c0)={r0, 0x58, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r11=>0x0}}, 0x10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0x20, &(0x7f00000005c0)={&(0x7f0000000480)=""/110, 0x6e, <r12=>0x0, &(0x7f0000000500)=""/162, 0xa2}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0x18, &(0x7f0000000240)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r9}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6bb}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x200}}, @alu={0x4, 0x0, 0xa, 0x7, 0x2, 0x20}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x9}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffff81, 0x0, 0x0, 0x0, 0x10001}, @call={0x85, 0x0, 0x0, 0x96}], &(0x7f0000000300)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x29, '\x00', r11, 0xb, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000440)={0x2, 0x5, 0x0, 0x1}, 0x10, r12, 0xffffffffffffffff, 0x0, &(0x7f0000000640)=[r0, r0], &(0x7f0000000680), 0x10, 0x5}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  145.902299][ T3344]  __should_failslab+0xa4/0xe0
[  145.906905][ T3344]  ? vm_area_dup+0x26/0x230
[  145.911241][ T3344]  should_failslab+0x9/0x20
[  145.915578][ T3344]  slab_pre_alloc_hook+0x37/0xd0
[  145.920378][ T3344]  ? vm_area_dup+0x26/0x230
[  145.924690][ T3344]  kmem_cache_alloc+0x44/0x200
[  145.929295][ T3344]  vm_area_dup+0x26/0x230
[  145.933462][ T3344]  copy_mm+0x9a1/0x13e0
[  145.937460][ T3344]  ? copy_signal+0x610/0x610
[  145.941882][ T3344]  ? __init_rwsem+0xd6/0x1c0
[  145.946305][ T3344]  ? copy_signal+0x4e3/0x610
[  145.950736][ T3344]  copy_process+0x1149/0x3290
[  145.955251][ T3344]  ? proc_fail_nth_write+0x20b/0x290
[  145.960380][ T3344]  ? fsnotify_perm+0x6a/0x5d0
[  145.964880][ T3344]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  145.969825][ T3344]  ? vfs_write+0x9ec/0x1110
[  145.974170][ T3344]  kernel_clone+0x21e/0x9e0
[  145.978505][ T3344]  ? file_end_write+0x1c0/0x1c0
[  145.983197][ T3344]  ? create_io_thread+0x1e0/0x1e0
[  145.988056][ T3344]  ? mutex_unlock+0xb2/0x260
[  145.992480][ T3344]  ? __mutex_lock_slowpath+0x10/0x10
[  145.997604][ T3344]  __x64_sys_clone+0x23f/0x290
[  146.002205][ T3344]  ? __do_sys_vfork+0x130/0x130
[  146.006889][ T3344]  ? ksys_write+0x260/0x2c0
[  146.011231][ T3344]  ? debug_smp_processor_id+0x17/0x20
[  146.016437][ T3344]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  146.022339][ T3344]  ? exit_to_user_mode_prepare+0x39/0xa0
[  146.027805][ T3344]  do_syscall_64+0x3d/0xb0
[  146.032232][ T3344]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  146.037962][ T3344] RIP: 0033:0x7faae203fda9
[  146.042218][ T3344] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  146.061652][ T3344] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  146.069908][ T3344] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  146.077716][ T3344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  146.085520][ T3344] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  146.093332][ T3344] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
21:58:00 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0xfbffffff00000000, 0x0, 0x0, 0x0)

21:58:00 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 82)

21:58:00 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  146.101146][ T3344] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  146.108962][ T3344]  </TASK>
21:58:01 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0xffffffffa002658c, 0x0, 0x0, 0x0)

21:58:01 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  146.182156][ T3355] FAULT_INJECTION: forcing a failure.
[  146.182156][ T3355] name failslab, interval 1, probability 0, space 0, times 0
[  146.195676][ T3355] CPU: 1 PID: 3355 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  146.205841][ T3355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  146.215729][ T3355] Call Trace:
[  146.218856][ T3355]  <TASK>
[  146.221630][ T3355]  dump_stack_lvl+0x151/0x1b7
[  146.226147][ T3355]  ? io_uring_drop_tctx_refs+0x190/0x190
[  146.231616][ T3355]  dump_stack+0x15/0x17
[  146.235601][ T3355]  should_fail+0x3c6/0x510
[  146.239856][ T3355]  __should_failslab+0xa4/0xe0
[  146.244452][ T3355]  ? anon_vma_clone+0x9a/0x500
[  146.249051][ T3355]  should_failslab+0x9/0x20
[  146.253394][ T3355]  slab_pre_alloc_hook+0x37/0xd0
[  146.258164][ T3355]  ? anon_vma_clone+0x9a/0x500
[  146.262764][ T3355]  kmem_cache_alloc+0x44/0x200
[  146.267368][ T3355]  anon_vma_clone+0x9a/0x500
[  146.271791][ T3355]  anon_vma_fork+0x91/0x4e0
[  146.276131][ T3355]  ? anon_vma_name+0x4c/0x70
[  146.280560][ T3355]  ? vm_area_dup+0x17a/0x230
[  146.284985][ T3355]  copy_mm+0xa3a/0x13e0
[  146.288978][ T3355]  ? copy_signal+0x610/0x610
[  146.293401][ T3355]  ? __init_rwsem+0xd6/0x1c0
[  146.297828][ T3355]  ? copy_signal+0x4e3/0x610
[  146.302255][ T3355]  copy_process+0x1149/0x3290
[  146.306771][ T3355]  ? proc_fail_nth_write+0x20b/0x290
[  146.311896][ T3355]  ? fsnotify_perm+0x6a/0x5d0
[  146.316402][ T3355]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  146.321349][ T3355]  ? vfs_write+0x9ec/0x1110
[  146.325690][ T3355]  kernel_clone+0x21e/0x9e0
[  146.330028][ T3355]  ? file_end_write+0x1c0/0x1c0
[  146.334717][ T3355]  ? create_io_thread+0x1e0/0x1e0
[  146.339576][ T3355]  ? mutex_unlock+0xb2/0x260
[  146.344002][ T3355]  ? __mutex_lock_slowpath+0x10/0x10
[  146.349123][ T3355]  __x64_sys_clone+0x23f/0x290
[  146.353725][ T3355]  ? __do_sys_vfork+0x130/0x130
[  146.358408][ T3355]  ? ksys_write+0x260/0x2c0
[  146.362750][ T3355]  ? debug_smp_processor_id+0x17/0x20
[  146.367963][ T3355]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  146.373858][ T3355]  ? exit_to_user_mode_prepare+0x39/0xa0
[  146.379328][ T3355]  do_syscall_64+0x3d/0xb0
[  146.383581][ T3355]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  146.389307][ T3355] RIP: 0033:0x7faae203fda9
[  146.393562][ T3355] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  146.413005][ T3355] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  146.421246][ T3355] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
21:58:01 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 83)

[  146.429062][ T3355] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  146.436871][ T3355] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  146.444688][ T3355] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  146.452492][ T3355] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  146.460422][ T3355]  </TASK>
21:58:01 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0xffffffffa002a8d8, 0x0, 0x0, 0x0)

[  146.645638][ T3361] FAULT_INJECTION: forcing a failure.
[  146.645638][ T3361] name failslab, interval 1, probability 0, space 0, times 0
[  146.680365][ T3361] CPU: 0 PID: 3361 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  146.690455][ T3361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  146.700349][ T3361] Call Trace:
[  146.703470][ T3361]  <TASK>
[  146.706245][ T3361]  dump_stack_lvl+0x151/0x1b7
[  146.710761][ T3361]  ? io_uring_drop_tctx_refs+0x190/0x190
[  146.716233][ T3361]  dump_stack+0x15/0x17
[  146.720221][ T3361]  should_fail+0x3c6/0x510
[  146.724476][ T3361]  __should_failslab+0xa4/0xe0
[  146.729076][ T3361]  ? anon_vma_fork+0xf7/0x4e0
[  146.733586][ T3361]  should_failslab+0x9/0x20
[  146.737927][ T3361]  slab_pre_alloc_hook+0x37/0xd0
[  146.742699][ T3361]  ? anon_vma_fork+0xf7/0x4e0
[  146.747212][ T3361]  kmem_cache_alloc+0x44/0x200
[  146.751821][ T3361]  anon_vma_fork+0xf7/0x4e0
[  146.756148][ T3361]  ? anon_vma_name+0x43/0x70
[  146.760575][ T3361]  ? vm_area_dup+0x17a/0x230
[  146.765002][ T3361]  copy_mm+0xa3a/0x13e0
[  146.768996][ T3361]  ? copy_signal+0x610/0x610
[  146.773421][ T3361]  ? __init_rwsem+0xd6/0x1c0
[  146.777849][ T3361]  ? copy_signal+0x4e3/0x610
[  146.782283][ T3361]  copy_process+0x1149/0x3290
[  146.786792][ T3361]  ? proc_fail_nth_write+0x20b/0x290
[  146.791913][ T3361]  ? fsnotify_perm+0x6a/0x5d0
[  146.796433][ T3361]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  146.801374][ T3361]  ? vfs_write+0x9ec/0x1110
[  146.805708][ T3361]  kernel_clone+0x21e/0x9e0
[  146.810047][ T3361]  ? file_end_write+0x1c0/0x1c0
[  146.814739][ T3361]  ? create_io_thread+0x1e0/0x1e0
[  146.819679][ T3361]  ? mutex_unlock+0xb2/0x260
[  146.824109][ T3361]  ? __mutex_lock_slowpath+0x10/0x10
[  146.829228][ T3361]  __x64_sys_clone+0x23f/0x290
[  146.833833][ T3361]  ? __do_sys_vfork+0x130/0x130
[  146.838515][ T3361]  ? ksys_write+0x260/0x2c0
[  146.842858][ T3361]  ? debug_smp_processor_id+0x17/0x20
[  146.848157][ T3361]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  146.854064][ T3361]  ? exit_to_user_mode_prepare+0x39/0xa0
[  146.859546][ T3361]  do_syscall_64+0x3d/0xb0
[  146.863780][ T3361]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  146.869519][ T3361] RIP: 0033:0x7faae203fda9
[  146.873759][ T3361] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
21:58:01 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:01 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{0xffffffffffffffff, <r1=>0xffffffffffffffff}, &(0x7f0000000680), &(0x7f0000000780)}, 0x20)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r2, <r3=>r2}, &(0x7f0000000300), &(0x7f0000000340)='%-010d \x00'}, 0x1c)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x0, 0x0)
r5 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x20000, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52c61100, 0x4, @perf_bp={&(0x7f0000000040), 0x2}, 0x0, 0x8005, 0x800, 0x0, 0x686}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x4004662b, &(0x7f00000005c0)=0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0xd, 0xc7b8e7b5fa007d6, &(0x7f0000001380)=ANY=[@ANYRES8=r6, @ANYRES32, @ANYBLOB="000000000100000085000000790000003104bcff100000008c8489000000ac6d67b0d25f10330bff74f313b7ea980097721ef2d531c4f19939f8847322fce96b49e70fe090ec6d0dd2a960a6dc1050333e4d0dc1faa18376e229c97c8c611a5ec9e19d0fc9fec8ce24b3f6b3c5ef4be6088e9bb1a322ec3599de00ed50944781b2b6aa7c78a08c49d40d7c9a2bafb07c7bb735a7d69b02000000007210d1484d98c9387a8207a16f253e78e5ee38a2ef364494d7b713b3ed1d4668ff5a908e2e8ff30bdc29c60d068e5b56e07a84644b0cde3d4443d9f1d5101c464ea774b8ff84d87313b429ccd09ef8b359ea1e1a1e501156aafeffffff412b9ec9ebbea7420ff9d4ef0a7f87a93b120693bda0816ed18045867bd8bc2cdb14191e66391cf612b05a24a5a038ab80a0d9c8173f0849f7e955e77b1bf0058ad0d4d26cc7a0bb9bc0535e948fa3fcda3069edb84f38a9954c00f0a5440799e5443302630fa6d1506fad019771018288faecca31539f7ae6f8120451fc3d5369d952b0898221fbd547430fc1bcf3066f3bb11e51a44916690ed027c76bda415ce098257362cc8803a3d3404ce75a7502472f1c5526d472a2335a4270e4858f5a4a4cab4ffde7c8a076a732a367c22255e6ec3630086635aa68d53c2d8ce739bd1892b167ebacb3eeeba2c1cdb1a3246b77390200000000000043cf835b3ae16e618c869675d6bffc164e14ffaff3c60f4d5923e226fc4e7fd8a88ed8ed53d0fbf11c3ef414436e4277d969cb5517b6b89a0173778e39a80e3ce72be6f9ce0b2bfb6fc74b9cc98ccd12e064cb219dc78b4c558bfaf4e15fac6618c9d1be8fbd816dc81d81a5fd7c60a6b627d3a30800000030e3ee528f6e85ca80702fcab95794c8639655343fe15049ebd32d584bc20db8ab6413696b51f22f8caf39f91fc136c0660764eced60ce1b187cda5253fe556aeef1111865c628bd517a96f9e7a7ea5ecbdba5af851435c1cec21f3cbf9f4d46759800000000000000", @ANYRES8=0x0, @ANYRES32=r5], &(0x7f0000000500)='GPL\x00', 0x3, 0xde, &(0x7f00000007c0)=""/222, 0x41100, 0x51, '\x00', 0x0, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x6}, 0x8, 0x10, &(0x7f0000000580)={0x3, 0x6, 0x6, 0xd}, 0x10, 0xffffffffffffffff, r7, 0x0, &(0x7f0000000b80)=[0xffffffffffffffff, 0xffffffffffffffff, r7, 0xffffffffffffffff, 0xffffffffffffffff, r3, 0xffffffffffffffff, r4, r4]}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x1, 0xf, &(0x7f0000000800)=@raw=[@ringbuf_query, @map_val={0x18, 0x9, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x5}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x3}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @call={0x85, 0x0, 0x0, 0x4d}, @exit], &(0x7f0000000880)='syzkaller\x00', 0x7f, 0x14, &(0x7f00000008c0)=""/20, 0x41000, 0x0, '\x00', 0x0, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000000940)={0x4, 0xe, 0x2, 0x4}, 0x10, 0xffffffffffffffff, r4, 0x3, &(0x7f0000000980)=[r0, r0, r0, r0], &(0x7f0000000a40)=[{0x0, 0x5, 0x3, 0x4}, {0x5, 0x3, 0x3, 0x9}, {0x2, 0x5, 0x0, 0x1}], 0x10, 0x6}, 0x90)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1, <r9=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)=r8}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{0xffffffffffffffff, <r10=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)=r8}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000003c0)={r0, 0x58, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r11=>0x0}}, 0x10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0x20, &(0x7f00000005c0)={&(0x7f0000000480)=""/110, 0x6e, <r12=>0x0, &(0x7f0000000500)=""/162, 0xa2}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0x18, &(0x7f0000000240)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r9}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6bb}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x200}}, @alu={0x4, 0x0, 0xa, 0x7, 0x2, 0x20}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x9}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffff81, 0x0, 0x0, 0x0, 0x10001}, @call={0x85, 0x0, 0x0, 0x96}], &(0x7f0000000300)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x29, '\x00', r11, 0xb, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000440)={0x2, 0x5, 0x0, 0x1}, 0x10, r12, 0xffffffffffffffff, 0x0, &(0x7f0000000640)=[r0, r0], &(0x7f0000000680), 0x10, 0x5}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{}, &(0x7f0000000680), &(0x7f0000000780)}, 0x20) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r2, r2}, &(0x7f0000000300), &(0x7f0000000340)='%-010d \x00'}, 0x1c) (async)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x0, 0x0) (async)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x20000, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52c61100, 0x4, @perf_bp={&(0x7f0000000040), 0x2}, 0x0, 0x8005, 0x800, 0x0, 0x686}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0) (async)
ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x4004662b, &(0x7f00000005c0)=0x1) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0xd, 0xc7b8e7b5fa007d6, &(0x7f0000001380)=ANY=[@ANYRES8=r6, @ANYRES32, @ANYBLOB="000000000100000085000000790000003104bcff100000008c8489000000ac6d67b0d25f10330bff74f313b7ea980097721ef2d531c4f19939f8847322fce96b49e70fe090ec6d0dd2a960a6dc1050333e4d0dc1faa18376e229c97c8c611a5ec9e19d0fc9fec8ce24b3f6b3c5ef4be6088e9bb1a322ec3599de00ed50944781b2b6aa7c78a08c49d40d7c9a2bafb07c7bb735a7d69b02000000007210d1484d98c9387a8207a16f253e78e5ee38a2ef364494d7b713b3ed1d4668ff5a908e2e8ff30bdc29c60d068e5b56e07a84644b0cde3d4443d9f1d5101c464ea774b8ff84d87313b429ccd09ef8b359ea1e1a1e501156aafeffffff412b9ec9ebbea7420ff9d4ef0a7f87a93b120693bda0816ed18045867bd8bc2cdb14191e66391cf612b05a24a5a038ab80a0d9c8173f0849f7e955e77b1bf0058ad0d4d26cc7a0bb9bc0535e948fa3fcda3069edb84f38a9954c00f0a5440799e5443302630fa6d1506fad019771018288faecca31539f7ae6f8120451fc3d5369d952b0898221fbd547430fc1bcf3066f3bb11e51a44916690ed027c76bda415ce098257362cc8803a3d3404ce75a7502472f1c5526d472a2335a4270e4858f5a4a4cab4ffde7c8a076a732a367c22255e6ec3630086635aa68d53c2d8ce739bd1892b167ebacb3eeeba2c1cdb1a3246b77390200000000000043cf835b3ae16e618c869675d6bffc164e14ffaff3c60f4d5923e226fc4e7fd8a88ed8ed53d0fbf11c3ef414436e4277d969cb5517b6b89a0173778e39a80e3ce72be6f9ce0b2bfb6fc74b9cc98ccd12e064cb219dc78b4c558bfaf4e15fac6618c9d1be8fbd816dc81d81a5fd7c60a6b627d3a30800000030e3ee528f6e85ca80702fcab95794c8639655343fe15049ebd32d584bc20db8ab6413696b51f22f8caf39f91fc136c0660764eced60ce1b187cda5253fe556aeef1111865c628bd517a96f9e7a7ea5ecbdba5af851435c1cec21f3cbf9f4d46759800000000000000", @ANYRES8=0x0, @ANYRES32=r5], &(0x7f0000000500)='GPL\x00', 0x3, 0xde, &(0x7f00000007c0)=""/222, 0x41100, 0x51, '\x00', 0x0, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x6}, 0x8, 0x10, &(0x7f0000000580)={0x3, 0x6, 0x6, 0xd}, 0x10, 0xffffffffffffffff, r7, 0x0, &(0x7f0000000b80)=[0xffffffffffffffff, 0xffffffffffffffff, r7, 0xffffffffffffffff, 0xffffffffffffffff, r3, 0xffffffffffffffff, r4, r4]}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x1, 0xf, &(0x7f0000000800)=@raw=[@ringbuf_query, @map_val={0x18, 0x9, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x5}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x3}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @call={0x85, 0x0, 0x0, 0x4d}, @exit], &(0x7f0000000880)='syzkaller\x00', 0x7f, 0x14, &(0x7f00000008c0)=""/20, 0x41000, 0x0, '\x00', 0x0, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000000940)={0x4, 0xe, 0x2, 0x4}, 0x10, 0xffffffffffffffff, r4, 0x3, &(0x7f0000000980)=[r0, r0, r0, r0], &(0x7f0000000a40)=[{0x0, 0x5, 0x3, 0x4}, {0x5, 0x3, 0x3, 0x9}, {0x2, 0x5, 0x0, 0x1}], 0x10, 0x6}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1}, &(0x7f0000000000), &(0x7f0000000040)=r8}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, &(0x7f0000000180), &(0x7f00000001c0)=r8}, 0x20) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000003c0)={r0, 0x58, &(0x7f0000000340)}, 0x10) (async)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0x20, &(0x7f00000005c0)={&(0x7f0000000480)=""/110, 0x6e, 0x0, &(0x7f0000000500)=""/162, 0xa2}}, 0x10) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0x18, &(0x7f0000000240)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r9}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6bb}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x200}}, @alu={0x4, 0x0, 0xa, 0x7, 0x2, 0x20}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x9}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffff81, 0x0, 0x0, 0x0, 0x10001}, @call={0x85, 0x0, 0x0, 0x96}], &(0x7f0000000300)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x29, '\x00', r11, 0xb, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000440)={0x2, 0x5, 0x0, 0x1}, 0x10, r12, 0xffffffffffffffff, 0x0, &(0x7f0000000640)=[r0, r0], &(0x7f0000000680), 0x10, 0x5}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)

[  146.893203][ T3361] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  146.901448][ T3361] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  146.909252][ T3361] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  146.917061][ T3361] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
[  146.924876][ T3361] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  146.932683][ T3361] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  146.940500][ T3361]  </TASK>
21:58:01 executing program 1:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 84)

21:58:01 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:01 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0x1, 0x8, 0x7f, 0x8, 0x0, 0x7da, 0x48000, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, @perf_config_ext={0xe37, 0x79b}, 0xc90b, 0x6, 0x78a15952, 0x4, 0x8000, 0x101, 0xb9, 0x0, 0x1f, 0x0, 0x40000}, 0x0, 0xf, 0xffffffffffffffff, 0x2)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000280)='syzkaller\x00')
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000480)=ANY=[@ANYBLOB="180000e6e45af2ae934fcf2d00000000000a16ac000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000e51aa2b89500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095000000000000b8"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000340)={0x0, 0x7, 0x20}, 0xc)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
openat$cgroup_ro(r3, 0x0, 0x0, 0x0)
r4 = getpid()
r5 = perf_event_open$cgroup(&(0x7f0000000400)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1000, 0xd, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x9, 0x1, @perf_bp={&(0x7f00000003c0)}, 0x12013, 0x1692, 0x9, 0x3, 0x655ab386, 0x101, 0x2, 0x0, 0x1, 0x0, 0x1000}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x4)
perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x0, 0x5, 0x0, 0x3, 0x0, 0x2, 0xe2a01, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000140), 0x6}, 0x1000, 0x5, 0x7, 0xd, 0x6, 0x4, 0x8000, 0x0, 0x1ff, 0x0, 0x7ff}, r4, 0xe, r5, 0x8)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x9, 0x6, 0x7, 0x1, 0x0, 0x0, 0x2338, 0x7, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x8001, 0x0, @perf_bp={&(0x7f0000000380), 0x1}, 0x100808, 0x100000000, 0x1, 0x7, 0x400, 0x20, 0x5, 0x0, 0xffffffff, 0x0, 0x4}, r4, 0x2, r1, 0xa)
r6 = syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = perf_event_open$cgroup(&(0x7f0000000100)={0x0, 0x80, 0xff, 0x4, 0x12, 0x1, 0x0, 0x1, 0x11020, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x7, 0x1, @perf_config_ext={0x1, 0xffffffffffffffff}, 0x8000, 0x48, 0x8, 0x3, 0x9, 0xacb, 0xacb1, 0x0, 0x80000000, 0x0, 0x6}, 0xffffffffffffffff, 0xe, r0, 0x8)
r8 = perf_event_open(&(0x7f0000000000)={0x5, 0xc3, 0x6, 0x9, 0x4, 0x76, 0x0, 0x3f, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x101, 0x0, @perf_config_ext={0x7, 0x5}, 0x401, 0x0, 0x100, 0x1, 0x4000, 0x3, 0x101, 0x0, 0xa82, 0x0, 0xffffffffffffb6a9}, 0x0, 0x3, r7, 0xb)
ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x40082406, &(0x7f0000000540)=',-\x00')
r9 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x40, 0x0, 0x4, 0x6, 0x0, 0xffffffff, 0x1004, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x5, 0x0, @perf_config_ext={0x0, 0xbd5e}, 0x18400, 0x6, 0x80000000, 0x0, 0x800, 0x0, 0x47, 0x0, 0xe2, 0x0, 0x200}, r6, 0xd, r7, 0x9)
perf_event_open(&(0x7f0000000680)={0x4, 0x80, 0x2, 0x2, 0x1, 0x7, 0x0, 0x100000000, 0x80, 0x4, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000640), 0x2}, 0x104, 0x9, 0x5, 0xd, 0xffffffffffffffff, 0x8b, 0x4, 0x0, 0x1}, r6, 0xb, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000005c0)={0x3, 0x80, 0x20, 0x4f, 0x3, 0x1, 0x0, 0x5, 0x4, 0xc, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x9, 0x4, @perf_bp={&(0x7f0000000580), 0x93e6ff432a29df4d}, 0x81ce, 0x7, 0x8, 0x7, 0xff, 0x6, 0xfffb, 0x0, 0x347, 0x0, 0x7ff}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x90, 0xf4, 0x8, 0x0, 0x7, 0x12008, 0xd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, @perf_config_ext={0x7, 0x5}, 0x81048, 0x8, 0x4, 0x3, 0x5, 0x1, 0x2, 0x0, 0x6, 0x0, 0x1}, 0x0, 0x10, r9, 0x9)

21:58:02 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0) (async)
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) (async)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0x1, 0x8, 0x7f, 0x8, 0x0, 0x7da, 0x48000, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, @perf_config_ext={0xe37, 0x79b}, 0xc90b, 0x6, 0x78a15952, 0x4, 0x8000, 0x101, 0xb9, 0x0, 0x1f, 0x0, 0x40000}, 0x0, 0xf, 0xffffffffffffffff, 0x2)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000280)='syzkaller\x00')
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000480)=ANY=[@ANYBLOB="180000e6e45af2ae934fcf2d00000000000a16ac000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000e51aa2b89500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095000000000000b8"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000340)={0x0, 0x7, 0x20}, 0xc)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) (async)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
openat$cgroup_ro(r3, 0x0, 0x0, 0x0)
getpid() (async)
r4 = getpid()
r5 = perf_event_open$cgroup(&(0x7f0000000400)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1000, 0xd, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x9, 0x1, @perf_bp={&(0x7f00000003c0)}, 0x12013, 0x1692, 0x9, 0x3, 0x655ab386, 0x101, 0x2, 0x0, 0x1, 0x0, 0x1000}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x4)
perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x0, 0x5, 0x0, 0x3, 0x0, 0x2, 0xe2a01, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000140), 0x6}, 0x1000, 0x5, 0x7, 0xd, 0x6, 0x4, 0x8000, 0x0, 0x1ff, 0x0, 0x7ff}, r4, 0xe, r5, 0x8)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x9, 0x6, 0x7, 0x1, 0x0, 0x0, 0x2338, 0x7, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x8001, 0x0, @perf_bp={&(0x7f0000000380), 0x1}, 0x100808, 0x100000000, 0x1, 0x7, 0x400, 0x20, 0x5, 0x0, 0xffffffff, 0x0, 0x4}, r4, 0x2, r1, 0xa)
r6 = syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = perf_event_open$cgroup(&(0x7f0000000100)={0x0, 0x80, 0xff, 0x4, 0x12, 0x1, 0x0, 0x1, 0x11020, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x7, 0x1, @perf_config_ext={0x1, 0xffffffffffffffff}, 0x8000, 0x48, 0x8, 0x3, 0x9, 0xacb, 0xacb1, 0x0, 0x80000000, 0x0, 0x6}, 0xffffffffffffffff, 0xe, r0, 0x8)
r8 = perf_event_open(&(0x7f0000000000)={0x5, 0xc3, 0x6, 0x9, 0x4, 0x76, 0x0, 0x3f, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x101, 0x0, @perf_config_ext={0x7, 0x5}, 0x401, 0x0, 0x100, 0x1, 0x4000, 0x3, 0x101, 0x0, 0xa82, 0x0, 0xffffffffffffb6a9}, 0x0, 0x3, r7, 0xb)
ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x40082406, &(0x7f0000000540)=',-\x00') (async)
ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x40082406, &(0x7f0000000540)=',-\x00')
r9 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x40, 0x0, 0x4, 0x6, 0x0, 0xffffffff, 0x1004, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x5, 0x0, @perf_config_ext={0x0, 0xbd5e}, 0x18400, 0x6, 0x80000000, 0x0, 0x800, 0x0, 0x47, 0x0, 0xe2, 0x0, 0x200}, r6, 0xd, r7, 0x9)
perf_event_open(&(0x7f0000000680)={0x4, 0x80, 0x2, 0x2, 0x1, 0x7, 0x0, 0x100000000, 0x80, 0x4, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000640), 0x2}, 0x104, 0x9, 0x5, 0xd, 0xffffffffffffffff, 0x8b, 0x4, 0x0, 0x1}, r6, 0xb, 0xffffffffffffffff, 0x0) (async)
perf_event_open(&(0x7f0000000680)={0x4, 0x80, 0x2, 0x2, 0x1, 0x7, 0x0, 0x100000000, 0x80, 0x4, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000640), 0x2}, 0x104, 0x9, 0x5, 0xd, 0xffffffffffffffff, 0x8b, 0x4, 0x0, 0x1}, r6, 0xb, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000005c0)={0x3, 0x80, 0x20, 0x4f, 0x3, 0x1, 0x0, 0x5, 0x4, 0xc, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x9, 0x4, @perf_bp={&(0x7f0000000580), 0x93e6ff432a29df4d}, 0x81ce, 0x7, 0x8, 0x7, 0xff, 0x6, 0xfffb, 0x0, 0x347, 0x0, 0x7ff}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x90, 0xf4, 0x8, 0x0, 0x7, 0x12008, 0xd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, @perf_config_ext={0x7, 0x5}, 0x81048, 0x8, 0x4, 0x3, 0x5, 0x1, 0x2, 0x0, 0x6, 0x0, 0x1}, 0x0, 0x10, r9, 0x9) (async)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x90, 0xf4, 0x8, 0x0, 0x7, 0x12008, 0xd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, @perf_config_ext={0x7, 0x5}, 0x81048, 0x8, 0x4, 0x3, 0x5, 0x1, 0x2, 0x0, 0x6, 0x0, 0x1}, 0x0, 0x10, r9, 0x9)

[  147.139009][ T3399] FAULT_INJECTION: forcing a failure.
[  147.139009][ T3399] name failslab, interval 1, probability 0, space 0, times 0
[  147.204970][ T3399] CPU: 0 PID: 3399 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  147.215155][ T3399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  147.225047][ T3399] Call Trace:
[  147.228171][ T3399]  <TASK>
[  147.230949][ T3399]  dump_stack_lvl+0x151/0x1b7
[  147.235458][ T3399]  ? io_uring_drop_tctx_refs+0x190/0x190
[  147.240934][ T3399]  dump_stack+0x15/0x17
[  147.244921][ T3399]  should_fail+0x3c6/0x510
[  147.249173][ T3399]  __should_failslab+0xa4/0xe0
[  147.253773][ T3399]  ? anon_vma_fork+0xf7/0x4e0
[  147.258287][ T3399]  should_failslab+0x9/0x20
[  147.262624][ T3399]  slab_pre_alloc_hook+0x37/0xd0
[  147.267398][ T3399]  ? anon_vma_fork+0xf7/0x4e0
[  147.271913][ T3399]  kmem_cache_alloc+0x44/0x200
[  147.276513][ T3399]  anon_vma_fork+0xf7/0x4e0
[  147.280849][ T3399]  ? anon_vma_name+0x43/0x70
[  147.285276][ T3399]  ? vm_area_dup+0x17a/0x230
[  147.289704][ T3399]  copy_mm+0xa3a/0x13e0
[  147.293696][ T3399]  ? __hrtimer_init+0x16d/0x260
[  147.298386][ T3399]  ? copy_signal+0x610/0x610
[  147.302812][ T3399]  ? __init_rwsem+0xd6/0x1c0
[  147.307233][ T3399]  ? copy_signal+0x4e3/0x610
[  147.311667][ T3399]  copy_process+0x1149/0x3290
[  147.316181][ T3399]  ? proc_fail_nth_write+0x20b/0x290
[  147.321294][ T3399]  ? fsnotify_perm+0x6a/0x5d0
[  147.325808][ T3399]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  147.330757][ T3399]  ? vfs_write+0x9ec/0x1110
[  147.335099][ T3399]  kernel_clone+0x21e/0x9e0
[  147.339434][ T3399]  ? file_end_write+0x1c0/0x1c0
[  147.344382][ T3399]  ? create_io_thread+0x1e0/0x1e0
[  147.349240][ T3399]  ? mutex_unlock+0xb2/0x260
21:58:02 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{0xffffffffffffffff, <r1=>0xffffffffffffffff}, &(0x7f0000000680), &(0x7f0000000780)}, 0x20)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r2, <r3=>r2}, &(0x7f0000000300), &(0x7f0000000340)='%-010d \x00'}, 0x1c) (async)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x0, 0x0) (async)
r5 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x20000, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52c61100, 0x4, @perf_bp={&(0x7f0000000040), 0x2}, 0x0, 0x8005, 0x800, 0x0, 0x686}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x4004662b, &(0x7f00000005c0)=0x1) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0xd, 0xc7b8e7b5fa007d6, &(0x7f0000001380)=ANY=[@ANYRES8=r6, @ANYRES32, @ANYBLOB="000000000100000085000000790000003104bcff100000008c8489000000ac6d67b0d25f10330bff74f313b7ea980097721ef2d531c4f19939f8847322fce96b49e70fe090ec6d0dd2a960a6dc1050333e4d0dc1faa18376e229c97c8c611a5ec9e19d0fc9fec8ce24b3f6b3c5ef4be6088e9bb1a322ec3599de00ed50944781b2b6aa7c78a08c49d40d7c9a2bafb07c7bb735a7d69b02000000007210d1484d98c9387a8207a16f253e78e5ee38a2ef364494d7b713b3ed1d4668ff5a908e2e8ff30bdc29c60d068e5b56e07a84644b0cde3d4443d9f1d5101c464ea774b8ff84d87313b429ccd09ef8b359ea1e1a1e501156aafeffffff412b9ec9ebbea7420ff9d4ef0a7f87a93b120693bda0816ed18045867bd8bc2cdb14191e66391cf612b05a24a5a038ab80a0d9c8173f0849f7e955e77b1bf0058ad0d4d26cc7a0bb9bc0535e948fa3fcda3069edb84f38a9954c00f0a5440799e5443302630fa6d1506fad019771018288faecca31539f7ae6f8120451fc3d5369d952b0898221fbd547430fc1bcf3066f3bb11e51a44916690ed027c76bda415ce098257362cc8803a3d3404ce75a7502472f1c5526d472a2335a4270e4858f5a4a4cab4ffde7c8a076a732a367c22255e6ec3630086635aa68d53c2d8ce739bd1892b167ebacb3eeeba2c1cdb1a3246b77390200000000000043cf835b3ae16e618c869675d6bffc164e14ffaff3c60f4d5923e226fc4e7fd8a88ed8ed53d0fbf11c3ef414436e4277d969cb5517b6b89a0173778e39a80e3ce72be6f9ce0b2bfb6fc74b9cc98ccd12e064cb219dc78b4c558bfaf4e15fac6618c9d1be8fbd816dc81d81a5fd7c60a6b627d3a30800000030e3ee528f6e85ca80702fcab95794c8639655343fe15049ebd32d584bc20db8ab6413696b51f22f8caf39f91fc136c0660764eced60ce1b187cda5253fe556aeef1111865c628bd517a96f9e7a7ea5ecbdba5af851435c1cec21f3cbf9f4d46759800000000000000", @ANYRES8=0x0, @ANYRES32=r5], &(0x7f0000000500)='GPL\x00', 0x3, 0xde, &(0x7f00000007c0)=""/222, 0x41100, 0x51, '\x00', 0x0, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x2, 0x6}, 0x8, 0x10, &(0x7f0000000580)={0x3, 0x6, 0x6, 0xd}, 0x10, 0xffffffffffffffff, r7, 0x0, &(0x7f0000000b80)=[0xffffffffffffffff, 0xffffffffffffffff, r7, 0xffffffffffffffff, 0xffffffffffffffff, r3, 0xffffffffffffffff, r4, r4]}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x1, 0xf, &(0x7f0000000800)=@raw=[@ringbuf_query, @map_val={0x18, 0x9, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x5}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x3}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @call={0x85, 0x0, 0x0, 0x4d}, @exit], &(0x7f0000000880)='syzkaller\x00', 0x7f, 0x14, &(0x7f00000008c0)=""/20, 0x41000, 0x0, '\x00', 0x0, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000000940)={0x4, 0xe, 0x2, 0x4}, 0x10, 0xffffffffffffffff, r4, 0x3, &(0x7f0000000980)=[r0, r0, r0, r0], &(0x7f0000000a40)=[{0x0, 0x5, 0x3, 0x4}, {0x5, 0x3, 0x3, 0x9}, {0x2, 0x5, 0x0, 0x1}], 0x10, 0x6}, 0x90)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1, <r9=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)=r8}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{0xffffffffffffffff, <r10=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)=r8}, 0x20) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000003c0)={r0, 0x58, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r11=>0x0}}, 0x10) (async)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0x20, &(0x7f00000005c0)={&(0x7f0000000480)=""/110, 0x6e, <r12=>0x0, &(0x7f0000000500)=""/162, 0xa2}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0x18, &(0x7f0000000240)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r9}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6bb}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x200}}, @alu={0x4, 0x0, 0xa, 0x7, 0x2, 0x20}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x9}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffff81, 0x0, 0x0, 0x0, 0x10001}, @call={0x85, 0x0, 0x0, 0x96}], &(0x7f0000000300)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x29, '\x00', r11, 0xb, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000440)={0x2, 0x5, 0x0, 0x1}, 0x10, r12, 0xffffffffffffffff, 0x0, &(0x7f0000000640)=[r0, r0], &(0x7f0000000680), 0x10, 0x5}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  147.353671][ T3399]  ? __mutex_lock_slowpath+0x10/0x10
[  147.358804][ T3399]  __x64_sys_clone+0x23f/0x290
[  147.363391][ T3399]  ? __do_sys_vfork+0x130/0x130
[  147.368074][ T3399]  ? ksys_write+0x260/0x2c0
[  147.372420][ T3399]  ? debug_smp_processor_id+0x17/0x20
[  147.377630][ T3399]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  147.383528][ T3399]  ? exit_to_user_mode_prepare+0x39/0xa0
[  147.388992][ T3399]  do_syscall_64+0x3d/0xb0
[  147.393249][ T3399]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  147.398975][ T3399] RIP: 0033:0x7faae203fda9
[  147.403231][ T3399] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  147.422763][ T3399] RSP: 002b:00007faae0dc1078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  147.431002][ T3399] RAX: ffffffffffffffda RBX: 00007faae216df80 RCX: 00007faae203fda9
[  147.438826][ T3399] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c821000
[  147.446624][ T3399] RBP: 00007faae0dc1120 R08: 0000000000000000 R09: 0000000000000000
21:58:02 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:02 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0) (async)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc) (async)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) (async)
r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0x1, 0x8, 0x7f, 0x8, 0x0, 0x7da, 0x48000, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, @perf_config_ext={0xe37, 0x79b}, 0xc90b, 0x6, 0x78a15952, 0x4, 0x8000, 0x101, 0xb9, 0x0, 0x1f, 0x0, 0x40000}, 0x0, 0xf, 0xffffffffffffffff, 0x2) (async)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000280)='syzkaller\x00') (async)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000480)=ANY=[@ANYBLOB="180000e6e45af2ae934fcf2d00000000000a16ac000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000e51aa2b89500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095000000000000b8"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90) (async)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000340)={0x0, 0x7, 0x20}, 0xc) (async)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
openat$cgroup_ro(r3, 0x0, 0x0, 0x0)
r4 = getpid() (async)
r5 = perf_event_open$cgroup(&(0x7f0000000400)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1000, 0xd, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x9, 0x1, @perf_bp={&(0x7f00000003c0)}, 0x12013, 0x1692, 0x9, 0x3, 0x655ab386, 0x101, 0x2, 0x0, 0x1, 0x0, 0x1000}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x4)
perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x0, 0x5, 0x0, 0x3, 0x0, 0x2, 0xe2a01, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000140), 0x6}, 0x1000, 0x5, 0x7, 0xd, 0x6, 0x4, 0x8000, 0x0, 0x1ff, 0x0, 0x7ff}, r4, 0xe, r5, 0x8) (async)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x9, 0x6, 0x7, 0x1, 0x0, 0x0, 0x2338, 0x7, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x8001, 0x0, @perf_bp={&(0x7f0000000380), 0x1}, 0x100808, 0x100000000, 0x1, 0x7, 0x400, 0x20, 0x5, 0x0, 0xffffffff, 0x0, 0x4}, r4, 0x2, r1, 0xa) (async)
r6 = syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r7 = perf_event_open$cgroup(&(0x7f0000000100)={0x0, 0x80, 0xff, 0x4, 0x12, 0x1, 0x0, 0x1, 0x11020, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x7, 0x1, @perf_config_ext={0x1, 0xffffffffffffffff}, 0x8000, 0x48, 0x8, 0x3, 0x9, 0xacb, 0xacb1, 0x0, 0x80000000, 0x0, 0x6}, 0xffffffffffffffff, 0xe, r0, 0x8)
r8 = perf_event_open(&(0x7f0000000000)={0x5, 0xc3, 0x6, 0x9, 0x4, 0x76, 0x0, 0x3f, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x101, 0x0, @perf_config_ext={0x7, 0x5}, 0x401, 0x0, 0x100, 0x1, 0x4000, 0x3, 0x101, 0x0, 0xa82, 0x0, 0xffffffffffffb6a9}, 0x0, 0x3, r7, 0xb)
ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x40082406, &(0x7f0000000540)=',-\x00') (async)
r9 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x40, 0x0, 0x4, 0x6, 0x0, 0xffffffff, 0x1004, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x5, 0x0, @perf_config_ext={0x0, 0xbd5e}, 0x18400, 0x6, 0x80000000, 0x0, 0x800, 0x0, 0x47, 0x0, 0xe2, 0x0, 0x200}, r6, 0xd, r7, 0x9) (async)
perf_event_open(&(0x7f0000000680)={0x4, 0x80, 0x2, 0x2, 0x1, 0x7, 0x0, 0x100000000, 0x80, 0x4, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000640), 0x2}, 0x104, 0x9, 0x5, 0xd, 0xffffffffffffffff, 0x8b, 0x4, 0x0, 0x1}, r6, 0xb, 0xffffffffffffffff, 0x0) (async)
perf_event_open(&(0x7f00000005c0)={0x3, 0x80, 0x20, 0x4f, 0x3, 0x1, 0x0, 0x5, 0x4, 0xc, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x9, 0x4, @perf_bp={&(0x7f0000000580), 0x93e6ff432a29df4d}, 0x81ce, 0x7, 0x8, 0x7, 0xff, 0x6, 0xfffb, 0x0, 0x347, 0x0, 0x7ff}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x90, 0xf4, 0x8, 0x0, 0x7, 0x12008, 0xd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, @perf_config_ext={0x7, 0x5}, 0x81048, 0x8, 0x4, 0x3, 0x5, 0x1, 0x2, 0x0, 0x6, 0x0, 0x1}, 0x0, 0x10, r9, 0x9)

[  147.454438][ T3399] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  147.462249][ T3399] R13: 000000000000000b R14: 00007faae216df80 R15: 00007ffcc786d3b8
[  147.470066][ T3399]  </TASK>
21:58:02 executing program 2:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
getpid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:02 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0xffffffffffffffbb)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700)
r2 = openat$cgroup_ro(r1, &(0x7f00000001c0)='cpu.stat\x00', 0x0, 0x0)
write$cgroup_int(r1, &(0x7f0000000200), 0x43400)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000140)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x50}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r5, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000002340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f00000003c0)=[0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0], 0x0, 0xed, &(0x7f0000000280)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x2d, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a40)={r3, 0xe0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, &(0x7f00000007c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000800)=[0x0, 0x0], <r7=>0x0, 0xf9, &(0x7f0000000840)=[{}], 0x8, 0x10, &(0x7f0000000880), &(0x7f00000008c0), 0x8, 0x4f, 0x8, 0x8, &(0x7f0000000900)}}, 0x10)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)={0x2, 0x4, 0x8, 0x1, 0x80, r4, 0x40, '\x00', 0x0, r2, 0x4, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x20, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000880000000000000aac8b7c315517f8203d650001000000950000000c"], &(0x7f0000000340)='GPL\x00', 0x7fff, 0x0, 0x0, 0x0, 0x0, '\x00', r6, 0x21, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000740)={0x1, 0xa, 0x3, 0x7}, 0x10, r7, r1, 0x5, &(0x7f0000000b00)=[r1, r8], &(0x7f0000000b40)=[{0x2, 0x1, 0x1, 0xa}, {0x1, 0x5, 0x1, 0x4}, {0x4, 0x4, 0x6, 0xa}, {0x2, 0x4, 0x0, 0xa}, {0x3, 0x1, 0x0, 0xc}], 0x10, 0xffff}, 0x90)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r8, 0x58, &(0x7f0000000680)={0x0, <r9=>0x0}}, 0x10)
r10 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={r9}, 0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x5, &(0x7f0000002240)=ANY=[@ANYBLOB="180000007f0000000000000001000080182100009f9829c7f666fe2e9ef352dec432d947bb550217d2fc9f06ffb65a9734883b91f2bbc0bd71c02a5b591e693b56d7751e7118d8dd2db8fe7045a75efceb7410cb1c190bb253556011253000ae14b2667817a92d9249f792bacc5e048cac25eab100025a5d", @ANYRES32=r0, @ANYBLOB="00000000060000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x90, 0x0, 0x0, 0x41100, 0x0, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000100)={0x5, 0xd, 0x3ff, 0x7f}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000140)=[r0, r0, r0, r0, r0, r0], &(0x7f0000000180)=[{0x5, 0x1, 0x1, 0x5}, {0x4, 0x1, 0xb}], 0x10, 0x4}, 0x90)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r12, @ANYBLOB="0000000000800000b702000014000000b7030000000000008500000086000000bc0900000000000035090100000000009500000000000000b7020000000000077b9af8ff00000000c6090000000000007baaf0ff00000000bf8600000000000007080000f8ffffffbfa400000000000007040080adb1983893c5182ba09ec34d3d2a00f0", @ANYRES32=r11, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000002380)=@base={0xc, 0x1000, 0x630, 0x0, 0x18, r10, 0x23ee, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x4}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000002040)={0xffffffffffffffff, 0xe0, &(0x7f0000001f40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001d80)=[0x0], ""/16, <r13=>0x0, 0x0, 0x0, 0x0, 0x7, 0x2, &(0x7f0000001dc0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001e00)=[0x0, 0x0], 0x0, 0xc1, &(0x7f0000001e40)=[{}], 0x8, 0x10, &(0x7f0000001e80), &(0x7f0000001ec0), 0x8, 0x46, 0x8, 0x8, &(0x7f0000001f00)}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000380)={r9, 0x0, 0x8}, 0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000002180)={0x6, 0x15, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000ff0100000000004dcb00000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000007865180001000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000d40)='GPL\x00', 0x9, 0x1000, &(0x7f0000000d80)=""/4096, 0x41000, 0x45, '\x00', r13, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000002080)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000020c0)={0x1, 0x7, 0x1, 0x8}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000002100)=[r8], &(0x7f0000002140)=[{0x1, 0x1, 0x10, 0x3}, {0x0, 0x4, 0x6, 0x7}], 0x10, 0xff}, 0x90)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000002300)={r9, 0x10000, 0xc}, 0xc)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40005, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0xfffffffd, 0x2}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:02 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:02 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0xffffffffffffffbb) (async, rerun: 32)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc) (rerun: 32)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0) (async)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700)
r2 = openat$cgroup_ro(r1, &(0x7f00000001c0)='cpu.stat\x00', 0x0, 0x0)
write$cgroup_int(r1, &(0x7f0000000200), 0x43400) (async)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000140)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0) (async, rerun: 32)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x50}, 0x90) (rerun: 32)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r5, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000002340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f00000003c0)=[0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0], 0x0, 0xed, &(0x7f0000000280)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x2d, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a40)={r3, 0xe0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, &(0x7f00000007c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000800)=[0x0, 0x0], <r7=>0x0, 0xf9, &(0x7f0000000840)=[{}], 0x8, 0x10, &(0x7f0000000880), &(0x7f00000008c0), 0x8, 0x4f, 0x8, 0x8, &(0x7f0000000900)}}, 0x10) (async)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)={0x2, 0x4, 0x8, 0x1, 0x80, r4, 0x40, '\x00', 0x0, r2, 0x4, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x20, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000880000000000000aac8b7c315517f8203d650001000000950000000c"], &(0x7f0000000340)='GPL\x00', 0x7fff, 0x0, 0x0, 0x0, 0x0, '\x00', r6, 0x21, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000740)={0x1, 0xa, 0x3, 0x7}, 0x10, r7, r1, 0x5, &(0x7f0000000b00)=[r1, r8], &(0x7f0000000b40)=[{0x2, 0x1, 0x1, 0xa}, {0x1, 0x5, 0x1, 0x4}, {0x4, 0x4, 0x6, 0xa}, {0x2, 0x4, 0x0, 0xa}, {0x3, 0x1, 0x0, 0xc}], 0x10, 0xffff}, 0x90) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r8, 0x58, &(0x7f0000000680)={0x0, <r9=>0x0}}, 0x10)
r10 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={r9}, 0xc) (async, rerun: 64)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x5, &(0x7f0000002240)=ANY=[@ANYBLOB="180000007f0000000000000001000080182100009f9829c7f666fe2e9ef352dec432d947bb550217d2fc9f06ffb65a9734883b91f2bbc0bd71c02a5b591e693b56d7751e7118d8dd2db8fe7045a75efceb7410cb1c190bb253556011253000ae14b2667817a92d9249f792bacc5e048cac25eab100025a5d", @ANYRES32=r0, @ANYBLOB="00000000060000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x90, 0x0, 0x0, 0x41100, 0x0, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000100)={0x5, 0xd, 0x3ff, 0x7f}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000140)=[r0, r0, r0, r0, r0, r0], &(0x7f0000000180)=[{0x5, 0x1, 0x1, 0x5}, {0x4, 0x1, 0xb}], 0x10, 0x4}, 0x90) (async, rerun: 64)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) (async)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r12, @ANYBLOB="0000000000800000b702000014000000b7030000000000008500000086000000bc0900000000000035090100000000009500000000000000b7020000000000077b9af8ff00000000c6090000000000007baaf0ff00000000bf8600000000000007080000f8ffffffbfa400000000000007040080adb1983893c5182ba09ec34d3d2a00f0", @ANYRES32=r11, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000002380)=@base={0xc, 0x1000, 0x630, 0x0, 0x18, r10, 0x23ee, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x4}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000002040)={0xffffffffffffffff, 0xe0, &(0x7f0000001f40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001d80)=[0x0], ""/16, <r13=>0x0, 0x0, 0x0, 0x0, 0x7, 0x2, &(0x7f0000001dc0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001e00)=[0x0, 0x0], 0x0, 0xc1, &(0x7f0000001e40)=[{}], 0x8, 0x10, &(0x7f0000001e80), &(0x7f0000001ec0), 0x8, 0x46, 0x8, 0x8, &(0x7f0000001f00)}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000380)={r9, 0x0, 0x8}, 0xc) (async, rerun: 32)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000002180)={0x6, 0x15, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000ff0100000000004dcb00000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000007865180001000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000d40)='GPL\x00', 0x9, 0x1000, &(0x7f0000000d80)=""/4096, 0x41000, 0x45, '\x00', r13, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000002080)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000020c0)={0x1, 0x7, 0x1, 0x8}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000002100)=[r8], &(0x7f0000002140)=[{0x1, 0x1, 0x10, 0x3}, {0x0, 0x4, 0x6, 0x7}], 0x10, 0xff}, 0x90) (async, rerun: 32)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000002300)={r9, 0x10000, 0xc}, 0xc) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40005, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0xfffffffd, 0x2}, 0x48)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:02 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:02 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:02 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0xffffffffffffffbb) (async)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700)
r2 = openat$cgroup_ro(r1, &(0x7f00000001c0)='cpu.stat\x00', 0x0, 0x0) (async)
write$cgroup_int(r1, &(0x7f0000000200), 0x43400)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000140)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0) (async)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x50}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r5, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000002340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f00000003c0)=[0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0], 0x0, 0xed, &(0x7f0000000280)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x2d, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a40)={r3, 0xe0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, &(0x7f00000007c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000800)=[0x0, 0x0], <r7=>0x0, 0xf9, &(0x7f0000000840)=[{}], 0x8, 0x10, &(0x7f0000000880), &(0x7f00000008c0), 0x8, 0x4f, 0x8, 0x8, &(0x7f0000000900)}}, 0x10) (async)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)={0x2, 0x4, 0x8, 0x1, 0x80, r4, 0x40, '\x00', 0x0, r2, 0x4, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x20, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000880000000000000aac8b7c315517f8203d650001000000950000000c"], &(0x7f0000000340)='GPL\x00', 0x7fff, 0x0, 0x0, 0x0, 0x0, '\x00', r6, 0x21, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000740)={0x1, 0xa, 0x3, 0x7}, 0x10, r7, r1, 0x5, &(0x7f0000000b00)=[r1, r8], &(0x7f0000000b40)=[{0x2, 0x1, 0x1, 0xa}, {0x1, 0x5, 0x1, 0x4}, {0x4, 0x4, 0x6, 0xa}, {0x2, 0x4, 0x0, 0xa}, {0x3, 0x1, 0x0, 0xc}], 0x10, 0xffff}, 0x90) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r8, 0x58, &(0x7f0000000680)={0x0, <r9=>0x0}}, 0x10)
r10 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={r9}, 0xc) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x5, &(0x7f0000002240)=ANY=[@ANYBLOB="180000007f0000000000000001000080182100009f9829c7f666fe2e9ef352dec432d947bb550217d2fc9f06ffb65a9734883b91f2bbc0bd71c02a5b591e693b56d7751e7118d8dd2db8fe7045a75efceb7410cb1c190bb253556011253000ae14b2667817a92d9249f792bacc5e048cac25eab100025a5d", @ANYRES32=r0, @ANYBLOB="00000000060000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x90, 0x0, 0x0, 0x41100, 0x0, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000100)={0x5, 0xd, 0x3ff, 0x7f}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000140)=[r0, r0, r0, r0, r0, r0], &(0x7f0000000180)=[{0x5, 0x1, 0x1, 0x5}, {0x4, 0x1, 0xb}], 0x10, 0x4}, 0x90) (async)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) (async)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r12, @ANYBLOB="0000000000800000b702000014000000b7030000000000008500000086000000bc0900000000000035090100000000009500000000000000b7020000000000077b9af8ff00000000c6090000000000007baaf0ff00000000bf8600000000000007080000f8ffffffbfa400000000000007040080adb1983893c5182ba09ec34d3d2a00f0", @ANYRES32=r11, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000002380)=@base={0xc, 0x1000, 0x630, 0x0, 0x18, r10, 0x23ee, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x4}, 0x48) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000002040)={0xffffffffffffffff, 0xe0, &(0x7f0000001f40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001d80)=[0x0], ""/16, <r13=>0x0, 0x0, 0x0, 0x0, 0x7, 0x2, &(0x7f0000001dc0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001e00)=[0x0, 0x0], 0x0, 0xc1, &(0x7f0000001e40)=[{}], 0x8, 0x10, &(0x7f0000001e80), &(0x7f0000001ec0), 0x8, 0x46, 0x8, 0x8, &(0x7f0000001f00)}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000380)={r9, 0x0, 0x8}, 0xc) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000002180)={0x6, 0x15, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000ff0100000000004dcb00000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000007865180001000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000d40)='GPL\x00', 0x9, 0x1000, &(0x7f0000000d80)=""/4096, 0x41000, 0x45, '\x00', r13, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000002080)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000020c0)={0x1, 0x7, 0x1, 0x8}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000002100)=[r8], &(0x7f0000002140)=[{0x1, 0x1, 0x10, 0x3}, {0x0, 0x4, 0x6, 0x7}], 0x10, 0xff}, 0x90)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000002300)={r9, 0x10000, 0xc}, 0xc) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40005, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0xfffffffd, 0x2}, 0x48) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  147.678899][ T3399] ------------[ cut here ]------------
[  147.684361][ T3399] refcount_t: underflow; use-after-free.
[  147.690234][ T3399] WARNING: CPU: 1 PID: 3399 at lib/refcount.c:28 refcount_warn_saturate+0x158/0x1a0
[  147.699634][ T3399] Modules linked in:
[  147.703526][ T3399] CPU: 1 PID: 3399 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  147.714002][ T3399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  147.746732][ T3399] RIP: 0010:refcount_warn_saturate+0x158/0x1a0
[  147.765354][ T3399] Code: 04 01 48 c7 c7 40 c8 82 85 e8 e4 9e dc fe 0f 0b eb 8b e8 6b 49 0b ff c6 05 73 8e 9e 04 01 48 c7 c7 a0 c8 82 85 e8 c8 9e dc fe <0f> 0b e9 6c ff ff ff e8 4c 49 0b ff c6 05 55 8e 9e 04 01 48 c7 c7
21:58:02 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  147.792189][ T3399] RSP: 0018:ffffc900055df968 EFLAGS: 00010246
[  147.799893][ T3399] RAX: fab4fed83a469d00 RBX: 0000000000000003 RCX: 0000000000040000
[  147.808115][ T3399] RDX: ffffc9000152e000 RSI: 0000000000019d34 RDI: 0000000000019d35
[  147.816063][ T3399] RBP: ffffc900055df978 R08: ffffffff81575f25 R09: ffffed103ee265e8
21:58:02 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = getpid()
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x7f, 0x0, 0x3, 0x0, 0x7, 0x50000, 0x5, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0xe406, 0x1000, 0x0, 0x2, 0x4, 0x3, 0x0, 0x0, 0x3ff, 0x0, 0x80000001}, r0, 0xd, 0xffffffffffffffff, 0x9)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40001, 0x0)
ioctl$TUNSETCARRIER(r1, 0x400454e2, &(0x7f0000000100))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='afs_make_fs_call2\x00'}, 0x10)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r2, 0x58, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x2, 0xf, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b70200000000000085000000840000200000000000000500950000000000000023420745d253c4c4145431b162a63228d6e9a5b8b373a561841d365dde5e934a90feef55996ec6fb8f872f98d85262e86b7591c70ce7982f680ab560052df25089eb7ba0876616b5721e57360fb3905dc8c28a56591c7107bc2332edfe83fb3acb53159ba37e2aa0833ef5f2f9f5789137118514bb5c9d7b126f0ea94e36146ef668099ccc5af99d28ec498ed3a6dc4736d39320ca37e32db84ba3cff2ace32b316a0f808935c7aa9aed5963e25e791467e14af34a00614cf755f2efb87a047cabc35e7b98cd35ee8e204a1b9ac7809a12d97e88f011e8a4f7e4a915371b0c148102c550870eae5e3c60adcbd54e4e70b31a1af8487f88b0b1a1357bc58fe9b628400cb627fc5db051dcf37a56e850cbee6d80851ce229d19756087811daeabbb593ee7f24fadb3e6bb792c85c8d9f9d4171ce65150df2d2f5f13f8f5f7172433b90a6660f11652037d8"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:02 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  147.842841][ T3399] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff11025ac4883
[  147.876041][ T3399] R13: ffff88812d624418 R14: 0000000000000003 R15: ffff88810c26d749
21:58:02 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:02 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc) (async)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
r0 = getpid()
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x7f, 0x0, 0x3, 0x0, 0x7, 0x50000, 0x5, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0xe406, 0x1000, 0x0, 0x2, 0x4, 0x3, 0x0, 0x0, 0x3ff, 0x0, 0x80000001}, r0, 0xd, 0xffffffffffffffff, 0x9)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40001, 0x0)
ioctl$TUNSETCARRIER(r1, 0x400454e2, &(0x7f0000000100)) (async)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='afs_make_fs_call2\x00'}, 0x10)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r2, 0x58, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x2, 0xf, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b70200000000000085000000840000200000000000000500950000000000000023420745d253c4c4145431b162a63228d6e9a5b8b373a561841d365dde5e934a90feef55996ec6fb8f872f98d85262e86b7591c70ce7982f680ab560052df25089eb7ba0876616b5721e57360fb3905dc8c28a56591c7107bc2332edfe83fb3acb53159ba37e2aa0833ef5f2f9f5789137118514bb5c9d7b126f0ea94e36146ef668099ccc5af99d28ec498ed3a6dc4736d39320ca37e32db84ba3cff2ace32b316a0f808935c7aa9aed5963e25e791467e14af34a00614cf755f2efb87a047cabc35e7b98cd35ee8e204a1b9ac7809a12d97e88f011e8a4f7e4a915371b0c148102c550870eae5e3c60adcbd54e4e70b31a1af8487f88b0b1a1357bc58fe9b628400cb627fc5db051dcf37a56e850cbee6d80851ce229d19756087811daeabbb593ee7f24fadb3e6bb792c85c8d9f9d4171ce65150df2d2f5f13f8f5f7172433b90a6660f11652037d8"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:02 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:02 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = getpid()
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x7f, 0x0, 0x3, 0x0, 0x7, 0x50000, 0x5, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0xe406, 0x1000, 0x0, 0x2, 0x4, 0x3, 0x0, 0x0, 0x3ff, 0x0, 0x80000001}, r0, 0xd, 0xffffffffffffffff, 0x9)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40001, 0x0)
ioctl$TUNSETCARRIER(r1, 0x400454e2, &(0x7f0000000100))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='afs_make_fs_call2\x00'}, 0x10)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r2, 0x58, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x2, 0xf, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b70200000000000085000000840000200000000000000500950000000000000023420745d253c4c4145431b162a63228d6e9a5b8b373a561841d365dde5e934a90feef55996ec6fb8f872f98d85262e86b7591c70ce7982f680ab560052df25089eb7ba0876616b5721e57360fb3905dc8c28a56591c7107bc2332edfe83fb3acb53159ba37e2aa0833ef5f2f9f5789137118514bb5c9d7b126f0ea94e36146ef668099ccc5af99d28ec498ed3a6dc4736d39320ca37e32db84ba3cff2ace32b316a0f808935c7aa9aed5963e25e791467e14af34a00614cf755f2efb87a047cabc35e7b98cd35ee8e204a1b9ac7809a12d97e88f011e8a4f7e4a915371b0c148102c550870eae5e3c60adcbd54e4e70b31a1af8487f88b0b1a1357bc58fe9b628400cb627fc5db051dcf37a56e850cbee6d80851ce229d19756087811daeabbb593ee7f24fadb3e6bb792c85c8d9f9d4171ce65150df2d2f5f13f8f5f7172433b90a6660f11652037d8"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0) (async)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc) (async)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0) (async)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
getpid() (async)
perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x7f, 0x0, 0x3, 0x0, 0x7, 0x50000, 0x5, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0xe406, 0x1000, 0x0, 0x2, 0x4, 0x3, 0x0, 0x0, 0x3ff, 0x0, 0x80000001}, r0, 0xd, 0xffffffffffffffff, 0x9) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40001, 0x0) (async)
ioctl$TUNSETCARRIER(r1, 0x400454e2, &(0x7f0000000100)) (async)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='afs_make_fs_call2\x00'}, 0x10) (async)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r2, 0x58, &(0x7f00000001c0)}, 0x10) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x2, 0xf, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b70200000000000085000000840000200000000000000500950000000000000023420745d253c4c4145431b162a63228d6e9a5b8b373a561841d365dde5e934a90feef55996ec6fb8f872f98d85262e86b7591c70ce7982f680ab560052df25089eb7ba0876616b5721e57360fb3905dc8c28a56591c7107bc2332edfe83fb3acb53159ba37e2aa0833ef5f2f9f5789137118514bb5c9d7b126f0ea94e36146ef668099ccc5af99d28ec498ed3a6dc4736d39320ca37e32db84ba3cff2ace32b316a0f808935c7aa9aed5963e25e791467e14af34a00614cf755f2efb87a047cabc35e7b98cd35ee8e204a1b9ac7809a12d97e88f011e8a4f7e4a915371b0c148102c550870eae5e3c60adcbd54e4e70b31a1af8487f88b0b1a1357bc58fe9b628400cb627fc5db051dcf37a56e850cbee6d80851ce229d19756087811daeabbb593ee7f24fadb3e6bb792c85c8d9f9d4171ce65150df2d2f5f13f8f5f7172433b90a6660f11652037d8"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0) (async)

[  147.986738][ T3399] FS:  00007faae0dc16c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  147.999097][ T3399] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  148.010986][ T3399] CR2: 00000000200000c0 CR3: 000000012c2b9000 CR4: 00000000003506a0
[  148.023918][ T3399] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
21:58:02 executing program 4:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x0, 0x8}, 0xc)
r0 = perf_event_open(&(0x7f0000001080)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x2, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x61b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

21:58:02 executing program 3:
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0), 0xc)
perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000000)='cpuset.effective_cpus\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000040)='\x00')
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000440)={&(0x7f0000000100)="285d7647476db4ebd29490281f0416d95f9d86e20fa66b6ca1664ee9dbe9e3ee68cc0b5829d28c959c0fb3dda66b89dc288cae37af69518d0e4c44eadda27b96b318211a7f0d9c694f334d93b3e9a1597d6a1de8c0dff36287b164f967357c5b8209a648001404923d81e4d9ecb24c04840131922c6729a585fbdd4d4172cfcde61bd097a727", &(0x7f00000001c0)=""/220, &(0x7f00000002c0)="266628a0e9fdc3eb30dd951e39dc52591d8e93bcc301894459c99de2bb8b3012adf44270829c13ac566defec43834c2ba48108d804e16f368ccecedda9e652d934e6e9c928151e367deeaaa0e40be73e3958c8", &(0x7f00000003c0)="395158d380b6679278c945ac0d12460ae6124a37f14d53271cfdd50797d220dbcb3c9b93ac8e3ef9c2fb7d39b5e94cff3aede37ca16ffc82905c067702ceb36936eacab932b1b1be382a27104062acf1a8ffa39c6e8ef40373647fdce74f6b1142d778bb1f798a", 0x9, r2, 0x4}, 0x38)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000480), &(0x7f00000004c0)=r2}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000007c0)={r2, 0x58, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000880)={0x401, <r5=>0x0}, 0x8)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x401c5820, &(0x7f0000000000)=0x8000)
write$cgroup_type(r6, &(0x7f0000000200), 0x9)
close(r6)
r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000008c0)={0xffffffffffffffff, 0x70, 0x10}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x14, 0x1e, &(0x7f0000000540)=@raw=[@cb_func={0x18, 0x0, 0x4, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r2}, @exit, @ldst={0x3, 0x2, 0x4, 0x5, 0x0, 0x20, 0xfffffffffffffff0}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x18}}, @alu={0x4, 0x1, 0x0, 0x8, 0x9, 0x40, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @exit, @tail_call={{0x18, 0x2, 0x1, 0x0, r3}}], &(0x7f0000000640)='syzkaller\x00', 0xedce, 0xa8, &(0x7f0000000680)=""/168, 0x40f00, 0x72, '\x00', r4, 0x28, r2, 0x8, &(0x7f0000000800)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x2, 0x5, 0x8001}, 0x10, r5, r2, 0x1, &(0x7f0000000900)=[r0, 0xffffffffffffffff, r6, r2, r7, r2, r0, r2], &(0x7f0000000940)=[{0x5, 0x3, 0xd, 0x8}], 0x10, 0x10001}, 0x90)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="000000001018117100"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b703000000000000ff03000083000000bf09000000000000550901000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x90)
syz_clone(0x2c821100, 0x0, 0x0, 0x0, 0x0, 0x0)

[  148.041440][ T3399] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  148.063036][ T3399] Call Trace:
[  148.078238][ T3399]  <TASK>
[  148.082197][ T3399]  ? show_regs+0x58/0x60
[  148.083284][ T3477] BUG: unable to handle page fault for address: ffffed1800000011
[  148.087863][ T3399]  ? __warn+0x160/0x2f0
[  148.093995][ T3477] #PF: supervisor read access in kernel mode
[  148.094011][ T3477] #PF: error_code(0x0000) - not-present page
[  148.094025][ T3477] PGD 23fff2067 P4D 23fff2067 
[  148.101332][ T3399]  ? refcount_warn_saturate+0x158/0x1a0
[  148.103803][ T3477] PUD 0 
[  148.103821][ T3477] Oops: 0000 [#1] PREEMPT SMP KASAN
[  148.110283][ T3399]  ? report_bug+0x3d9/0x5b0
[  148.114217][ T3477] CPU: 0 PID: 3477 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  148.114249][ T3477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  148.119700][ T3399]  ? refcount_warn_saturate+0x158/0x1a0
[  148.122288][ T3477] RIP: 0010:__rb_insert_augmented+0x91/0x610
[  148.122320][ T3477] Code: 00 74 08 4c 89 ef e8 5e 0b 2b ff 49 8b 45 00 a8 01 0f 85 60 05 00 00 48 89 5d a0 48 89 45 c0 48 8d 58 08 49 89 de 49 c1 ee 03 <43> 80 3c 26 00 74 08 48 89 df e8 30 0b 2b ff 48 89 d8 48 8b 1b 4c
[  148.127391][ T3399]  ? handle_bug+0x41/0x70
[  148.131659][ T3477] RSP: 0018:ffffc90005d178f8 EFLAGS: 00010a06
[  148.131681][ T3477] RAX: ffff88c000000080 RBX: ffff88c000000088 RCX: dffffc0000000000
[  148.150671][ T3399]  ? exc_invalid_op+0x1b/0x50
[  148.151621][ T3477] RDX: ffffffff81a50880 RSI: ffff88810fa61aa8 RDI: ffff88812f3ffbe8
[  148.160405][ T3399]  ? asm_exc_invalid_op+0x1b/0x20
[  148.162818][ T3477] RBP: ffffc90005d17960 R08: dffffc0000000000 R09: ffff88812f3ffbf0
[  148.162839][ T3477] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[  148.187659][ T3399]  ? __wake_up_klogd+0xd5/0x110
[  148.192328][ T3477] R13: ffff88810c26d748 R14: 1ffff11800000011 R15: ffff88811dbb0ac0
[  148.192349][ T3477] FS:  00007fda0bdb96c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  148.254605][ T3477] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  148.261039][ T3477] CR2: ffffed1800000011 CR3: 00000001168c9000 CR4: 00000000003506b0
[  148.268840][ T3477] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  148.276751][ T3477] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  148.284634][ T3477] Call Trace:
[  148.287759][ T3477]  <TASK>
[  148.290711][ T3477]  ? __die_body+0x62/0xb0
[  148.294874][ T3477]  ? __die+0x7e/0x90
[  148.298608][ T3477]  ? page_fault_oops+0x7f9/0xa90
[  148.303381][ T3477]  ? __rb_insert_augmented+0x91/0x610
[  148.308590][ T3477]  ? kernelmode_fixup_or_oops+0x270/0x270
[  148.314143][ T3477]  ? is_prefetch+0x47a/0x6d0
[  148.318569][ T3477]  ? search_bpf_extables+0x26d/0x2c0
[  148.323694][ T3477]  ? __rb_insert_augmented+0x91/0x610
[  148.328896][ T3477]  ? __rb_insert_augmented+0x91/0x610
[  148.334107][ T3477]  ? fixup_exception+0xbb/0x13c0
[  148.338880][ T3477]  ? stack_trace_save+0x113/0x1c0
[  148.343741][ T3477]  ? kernelmode_fixup_or_oops+0x21b/0x270
[  148.349298][ T3477]  ? __bad_area_nosemaphore+0xcf/0x490
[  148.355370][ T3477]  ? __kasan_slab_alloc+0xc3/0xe0
[  148.360231][ T3477]  ? bad_area_nosemaphore+0x2d/0x40
[  148.365263][ T3477]  ? do_kern_addr_fault+0x69/0x80
[  148.370127][ T3477]  ? exc_page_fault+0x4eb/0x830
[  148.374816][ T3477]  ? asm_exc_page_fault+0x27/0x30
[  148.379674][ T3477]  ? anon_vma_interval_tree_iter_next+0x390/0x390
[  148.385920][ T3477]  ? __rb_insert_augmented+0x91/0x610
[  148.391129][ T3477]  ? anon_vma_interval_tree_iter_next+0x390/0x390
[  148.397498][ T3477]  vma_interval_tree_insert_after+0x2be/0x2d0
[  148.403397][ T3477]  copy_mm+0xba2/0x13e0
[  148.407393][ T3477]  ? copy_signal+0x610/0x610
[  148.411817][ T3477]  ? __init_rwsem+0xd6/0x1c0
[  148.416241][ T3477]  ? copy_signal+0x4e3/0x610
[  148.420687][ T3477]  copy_process+0x1149/0x3290
[  148.425183][ T3477]  ? __fdget+0x1ce/0x240
[  148.429262][ T3477]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  148.434236][ T3477]  ? anon_inode_getfd+0x40/0x40
[  148.438891][ T3477]  ? _raw_spin_lock_bh+0xa4/0x1b0
[  148.443756][ T3477]  kernel_clone+0x21e/0x9e0
[  148.448099][ T3477]  ? create_io_thread+0x1e0/0x1e0
[  148.452957][ T3477]  ? security_bpf+0x82/0xb0
[  148.457296][ T3477]  __x64_sys_clone+0x23f/0x290
[  148.461895][ T3477]  ? __do_sys_vfork+0x130/0x130
[  148.466580][ T3477]  ? switch_fpu_return+0x1ed/0x3d0
[  148.471529][ T3477]  ? __kasan_check_read+0x11/0x20
[  148.476389][ T3477]  ? exit_to_user_mode_prepare+0x7e/0xa0
[  148.481858][ T3477]  do_syscall_64+0x3d/0xb0
[  148.486199][ T3477]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  148.491927][ T3477] RIP: 0033:0x7fda0d037da9
[  148.496188][ T3477] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  148.515722][ T3477] RSP: 002b:00007fda0bdb9078 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  148.523973][ T3477] RAX: ffffffffffffffda RBX: 00007fda0d165f80 RCX: 00007fda0d037da9
[  148.531775][ T3477] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  148.539588][ T3477] RBP: 00007fda0d08447a R08: 0000000000000000 R09: 0000000000000000
[  148.547514][ T3477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  148.555327][ T3477] R13: 000000000000000b R14: 00007fda0d165f80 R15: 00007ffe3986c368
[  148.563139][ T3477]  </TASK>
[  148.565999][ T3477] Modules linked in:
[  148.569733][ T3477] CR2: ffffed1800000011
[  148.573727][ T3477] ---[ end trace 6034d3b1ffaf0ecf ]---
[  148.579018][ T3477] RIP: 0010:__rb_insert_augmented+0x91/0x610
[  148.584833][ T3477] Code: 00 74 08 4c 89 ef e8 5e 0b 2b ff 49 8b 45 00 a8 01 0f 85 60 05 00 00 48 89 5d a0 48 89 45 c0 48 8d 58 08 49 89 de 49 c1 ee 03 <43> 80 3c 26 00 74 08 48 89 df e8 30 0b 2b ff 48 89 d8 48 8b 1b 4c
[  148.604276][ T3477] RSP: 0018:ffffc90005d178f8 EFLAGS: 00010a06
[  148.610176][ T3477] RAX: ffff88c000000080 RBX: ffff88c000000088 RCX: dffffc0000000000
[  148.617997][ T3477] RDX: ffffffff81a50880 RSI: ffff88810fa61aa8 RDI: ffff88812f3ffbe8
[  148.625799][ T3477] RBP: ffffc90005d17960 R08: dffffc0000000000 R09: ffff88812f3ffbf0
[  148.633610][ T3477] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[  148.641431][ T3477] R13: ffff88810c26d748 R14: 1ffff11800000011 R15: ffff88811dbb0ac0
[  148.649237][ T3477] FS:  00007fda0bdb96c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  148.658001][ T3477] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  148.664421][ T3477] CR2: ffffed1800000011 CR3: 00000001168c9000 CR4: 00000000003506b0
[  148.672235][ T3477] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  148.680046][ T3477] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  148.687860][ T3477] Kernel panic - not syncing: Fatal exception
[  148.694045][ T3477] Kernel Offset: disabled
[  148.698174][ T3477] Rebooting in 86400 seconds..