ff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x0, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000038000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x0, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000048000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x0, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:29 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x0, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:29 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x0, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000058000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x0, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000060000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x0, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:29 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000068000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x0, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000070000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:29 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00'}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:29 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000078000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000088000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x0, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000098000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 07:45:29 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000a8000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000b8000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:29 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000c8000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000d8000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x0, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:29 executing program 1: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000b8000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x0, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000e8000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000f0000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x0, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:29 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00'}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r0}, 0x10) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:29 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x0, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000f8000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:29 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x0, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:29 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000008010000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x0, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000018010000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000028010000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:29 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000038010000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:29 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000030000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:29 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000050000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000060000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000070000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000001080000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00'}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r0}, 0x10) r1 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r2], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r2, r2, r2, r1]}, 0x90) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000000a0000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x8, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x8, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000000c0000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(0x0, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x8, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000000d0000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:30 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000000f0000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000140000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000180000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000001180000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x0, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x0, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000190000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000001b0000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x0, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000001c0000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000200000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:30 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000280000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:30 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x8, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(0x0, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000001280000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000300000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x8, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x8, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(0x0, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000380000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000001380000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00'}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r0}, 0x10) r1 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r2], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r2, r2, r2, r1]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000003f0000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000400000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000480000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0xda00) r6 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000b40)=@o_path={&(0x7f0000000b00)='./file0\x00', 0x0, 0x4000, r4}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c00)={0x11, 0x16, &(0x7f0000000440)=@raw=[@cb_func={0x18, 0x2, 0x4, 0x0, 0xffffffffffffffff}, @call={0x85, 0x0, 0x0, 0x4f}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xe6c}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}], &(0x7f0000000240)='GPL\x00', 0x0, 0x78, &(0x7f0000000a00)=""/120, 0x40f00, 0x50, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000000a80)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000ac0)={0x2, 0xb, 0x8, 0x1000}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000b80)=[r6, r5, r5], &(0x7f0000000bc0)=[{0x0, 0x801, 0xd, 0xb}], 0x10, 0x5}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='cachefiles_ondemand_fd_release\x00', r5}, 0x10) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, 0x0, 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000580000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, 0x0, 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000600000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, 0x0, 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000680000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000700000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000780000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0xda00) r6 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000b40)=@o_path={&(0x7f0000000b00)='./file0\x00', 0x0, 0x4000, r4}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c00)={0x11, 0x16, &(0x7f0000000440)=@raw=[@cb_func={0x18, 0x2, 0x4, 0x0, 0xffffffffffffffff}, @call={0x85, 0x0, 0x0, 0x4f}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xe6c}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}], &(0x7f0000000240)='GPL\x00', 0x0, 0x78, &(0x7f0000000a00)=""/120, 0x40f00, 0x50, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000000a80)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000ac0)={0x2, 0xb, 0x8, 0x1000}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000b80)=[r6, r5, r5], &(0x7f0000000bc0)=[{0x0, 0x801, 0xd, 0xb}], 0x10, 0x5}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='cachefiles_ondemand_fd_release\x00', r5}, 0x10) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000880000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000980000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 2: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000000003818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000a80000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4}, 0x90) 07:45:30 executing program 3: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000000001c18110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000b80000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000c80000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000d80000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000e80000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 1: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x7fff, 0x0, 0xffffffffffffffff, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001740)={r1, 0xe0, &(0x7f0000001900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001400), ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000ac0)=[0x0], &(0x7f0000000c00)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000001600), 0x0, 0x10, &(0x7f0000001680), &(0x7f0000000600), 0x8, 0x10, 0x8, 0x8, &(0x7f0000001700)}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001ac0)={0x33, 0x5, &(0x7f0000002400)=ANY=[@ANYBLOB="1a05ff0000000000950000000000000000c82c3220fb9d65153161e4bc7a6fac76d3977e7bb24566f84b3c3891045cec2bf855b2d0c84bf6aaa20918471ce9000000ac1d0256c0a5a7f6157a25c596a2b535fd05000000e3086d6feaafa55405cc7c0800000000000000000000000f000000000000000000c995963525697e278c63a7b6550000ff5ee18b761c6bfc4cd1d2caae2281006de4aaab99d2a6a0297fadf43cd59eb75a48014a1279639299f022a95d631d08f02babf5b551c1bc1a4b4a643de10f4e418be7d4cc01500211fa81bc4372aa8888690cb36345d5ad7b47fa24d45ad9fd91dd316cf54870be0d00bf29d1319a46cb54f7bdd2b16bb4c1a00075e3a5f547591b5bc40600a4d95fe3e71249bfc276ed047c7d480b987214fbafa5f55f4b2f3d0c40bfc64d3a6b8b30c473fa6abacc4642613b4aff9aa68a9140bc2245f7e6a022f480b4b7f2a8a3751b93b2dddc3b6e370c6cdea809001ca5abee4e98b4540867601a8299181ada08eed1de6f13adcbe94c698ad4b19e7037b4d0dbda5d3b1dfde1300efaf09f29becd9decfdfbe060d7b5a1b1b9a1540ef079150516fdc08c04d0a15b5798bc94b076bb4987a38121fa2ae93200c4807161318268083133dc79e2d81084900b49553f366e75807f61321f603c0c9912dc1fa43f17a56eaa296cbf4f01710171a779fb9ada16cd1409e3c3fd9d0154f9a436f650930d94b6ce42b32ca9e2a946b80ed1b63df433c792967a887a1cdfa5c9b6876a9f69acd118146fb8a4e5a393fd9ecfbfe10b26c563f20bc2fd19832ba61f8a5d06e7a2bdecd7cb93c94c04f6bdfc3fa8f2221aae8447a33d53ee4e925ed34d43377dc789a3266d6239b3e1ab992ca87991a9ef5673aee4e8fbb7cb1389c067a02b2477f85460831af100b5fc98b02f102322bf47fccdc01bca76b11a0f6689e9179fbef0c6fb71f1fc13659f24d7c662fa8b62b12dd27403b8e0824885f8a925828ff4d577a199c54e9ca01a05bc211cdd6b642326323c8d647a209f8b2304fbf570db1f498a5f030071122b59050acd361ceaea208522f0567862edb9313dab4bfff66ed3dc8ba240f3e18ffef54672144793c043219850f4d60e0e319039721c12c4cf16121f05000000515ff413b4a0e650f89a27a6ed9e55a950222aac53fde6649a008dc7f6648b70d518f77a9dbf43c792c66d9c4d3284c923af0ca44f85d75dc7c083f835fa95c7f583185dd81ee28e1b41ca2d900c7bf6213881f527a4d79cbefb9f3c0f81bf544229d4792006fb0cef4f17fdf6cdad00d7c1a93ec9b72e8a2b65369ea931cfd4843875d0ff86e9c3b21d6e135f3ff52724166132f22bc368772e035b1cb8d4e5d68aa6cea0afd6f248811968ff758e7077de66584602dfe1d41a0614a8f0f8d4ebecdba8af086ef01879c731414d04350591c76d219197f520d8149cdfba457ffd1aa2fc7ce793ad148c8d76ffdd72a2edd34103fccd08cfb95219f305ae99be73cb72d0b25c1116b18e3c5441a7a07c4ab77194ae7de3a73989a100749901d47a049b82833e7b712913ff92ffeadfae454d41a5a1f03684548f5f9d80fc6c659fcec58c1d4fe32e543bc1d55cbdbdea1396b330c4de7fe7e130baf6c9ba2c20bf38331ef68471dfd352f31765a087280e73c21a75a968317924d07180f91d948f44cd2035eb3f208b4e2d66aaf4c0"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0x0, 0x0, 0x40f00, 0x29, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000001a00)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000001a40)={0x5, 0xf, 0x2, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001a80)=[0xffffffffffffffff]}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000004c0)={{0x1, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)='%+9llu \x00'}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x1d, &(0x7f0000000240)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2254be5c}}, @exit, @map_val={0x18, 0x1, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, @map_idx={0x18, 0x6, 0x5, 0x0, 0xb}, @map_fd={0x18, 0x4, 0x1, 0x0, r0}, @printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}], &(0x7f00000000c0)='GPL\x00', 0x3, 0x9d, &(0x7f0000000400)=""/157, 0x0, 0x1, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000500)=[r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000540)=[{0x3, 0x5, 0x8}, {0x40, 0x5, 0x10}, {0x0, 0x4, 0xb, 0xc}, {0x8, 0x5, 0x3}], 0x10, 0x6}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000140)) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000001c0)=@o_path={&(0x7f0000000180)='./file0\x00'}, 0x18) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000200)={0x2, 0x4e20, @local}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000240)="4f877c490a9aa780465b1e1f6a5f483fcd74580bd37d478db98658dbabf8a8e66ec11581668ebb2c90403dab1b46bdb42e74bd297f5923621310c0fb788a1f42997e40c962eee50dcadf3d53a98b46063728d9ed466daba27390e6c649231ed67c7dc0e117799858bfe7d432809066954db0c3c640d157f904d7074f2afb62b05691", 0x82}, {&(0x7f0000000300)="39819d9062fd7bf4d1a757c6303ac33d07663201f1ac89560d70a10438afc1cf71e6d40f53eded42ba3bb339056a7927a3b95931e195e0f5bff7d540750320c10d97ae0ac69128a74fea947a60d5ec03eb5d2c598ce1ed7ac9ebb883e8d2007cd8ec8e196c029688df0292e923f0b079b92939ec5e360628787c88ed9e813bb7c755538d7e11eeabfad891d9799d9ad1927482f95736ed484414111a4207065f2e3b74765ece5e24d4a8b2d31c968b32fa54ef26e1e00cc52f793c3cb52c5689c58f8fc110f1363d4feefe6309cc5c910437", 0xd2}, {&(0x7f0000000400)="04bb9673b16b8ef578dabeb6b4bd07e8001e74f3e64d33aa721c10a650dcafbbbf9d5bc63313b8bdc4ce6f0b5116a881dd0b24058094973440147325c8d47e8c2855d87243b7ad7ebe0b360eea557f7168539c", 0x53}, {&(0x7f0000000480)="227a6ddfa722581ce61826b3131c8125422ea369c065ccfc85c840301d0dcfc918c3b831f87e05322878bdea83c192594be4c5405ca9cc8b1293d0adb1ed016457a1758a025ca55f540d919bc9374f82103ae3415645544d4daffb245a2589412779317f5584ce5e30d3a6349f71c71629aed8de8a4c6749030d825baa3f3d92db5e6ae05218d4743b41299c56da139df6ecef3ddbf2cf4a84e6def7b84ecc079a10ca709b8a80d2e44f109cd7a8d13d85df53d6f638857d0370736e1bdeb27fdfe6004b5705446e4460c3ab161cda550f482cd8aacbd2e11cec66dae3187a618776e74428936d6427", 0xe9}], 0x4, &(0x7f00000005c0)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_retopts={{0x3c, 0x0, 0x7, {[@rr={0x7, 0x13, 0xbc, [@multicast2, @remote, @loopback, @multicast2]}, @timestamp_addr={0x44, 0x14, 0xa7, 0x1, 0x6, [{@loopback, 0x2}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3}]}, @ra={0x94, 0x4}, @end]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0xd50}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x76e}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @multicast2, @rand_addr=0x64010100}}}], 0xa8}, 0x20040000) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000740)={0xffffffffffffffff, 0x58, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) sendmsg(0xffffffffffffffff, &(0x7f0000001d80)={&(0x7f0000000780)=@ll={0x11, 0xc, r4, 0x1, 0x3f, 0x6, @remote}, 0x80, &(0x7f0000001b40)=[{&(0x7f0000000800)="c1fc4e848a064277fe9bdcc9e879c0d5e4fafc2496f7c17bae5ee7b93fa7eee03ed7b17c", 0x24}, {&(0x7f0000000840)="c1e69c68f7052cbca9bbed067034d6b9a61c4c8237f1dd0d51f63ebc97b03aabb7227924686abb7ed5395ebcb230f0cdc1e6ed5f79937abacc12bee880becfad72a5d45fd2ffbaf9c2fcf92c0a5c55b616b4cc7109b8232f75189fbaa58341aa23df358fa73a0185e6b8777645928a086f58612aba2d9fb847e784aca55d09a389d9ff6c2ba91c2ad3c258a66d778d6a8c9ad464ef8c2e0751b1983c70ab14565b9a4023af334e9922bd7bcd24fee1c5d74892de1133195c40e512bac01d0bb1800be60a68550518cdd9f50ff0d72a2db62be47470b10c244e6f13adfdb31b148e6e5c9170921f5a51e2ac7f0f16e352263d3ff88696738b54a592ab", 0xfc}, {&(0x7f0000000940)="4e62f13861435e9ffbfc72d9a1e9cbda7d37a428f3ae4b537a6ba4df472cfa75fe32d79ca106054f0de0f72ade2d5ec7635a8f000371cfb4be8c579508fbf0c3cb2b2cc73f774e08b5fcf5af15c3935cc59961e3b051a2493fdfa1f4b17ad664efc7e12467fb898b087f86b5776277c1c68976b52cc82db804f659279355f7116aee6fa4b930ff9ce4180b929ac87fb218ecb5b2aa37fe8a3817399d3cbfe8d814e174defdf85df15570ce072d80b7c5282e593d437ce2c60355028f5bec9e79c24c444d0bc0c29100c27897897530fb7394dc903e4ae36e09d218813988a3a60032ab0e1f8bd081e0b266da3f2dbbd9753f3ef8c60b8c28b57f469467a9276f6ed8ce4087bb6265ef4a71cc4ccd782b9855c536354a7513523df7462fa6d45463f8ebb00d034dd1825dfa95c39927c42c28ccc9298f38de73cedd45ae6834a13e61f56ccaebea9089a38653ba9ef2b13e7a8a13817e1e3de9f4d4a72c6d308f1dab36c9dab57d5ef2fbcda765e5518f0a0c13635c58d997dcfebd424c279d2278e9039b1e9783ab8d3e5416d9c446c4d350dbce1e4caab969f6d7f31259972d24bec11484a9f2f74d351065a798149feec9ade5e7b51c8c676e1088adb1c162e90763e9e47e7d68acbbcd78d4ee76a6e81aae6e0839607bd9e847243ce67fd4844c9348bce7660d41cc2bbeeeb0150e329a0610fdacbad7d3924aa34aea4111350f7f62a8fa59264a73fa13b8668bed46b76aad52bad5bfa5d55c2b8c69d92aaca33ccf9f8b4f8de02b32063707d0010a8edd5f21be10721ff271a79376b53b529b845d3abcae9330567a5c54c54c86c87ca0edf2605f76e42e35323de09940142fb2eb57e01d1a395bce7591f748aec7c2d32a782509f7ca97db15d35f5b4fc2e2a8b56962a7e778d4299b70abee007c08e9070cee4b4138e4d35d11ca8712f0ff181b466c5460b65fa6ecb7a6b55cc786a1716527f331d7ee2ac1e07efd0466d0ed15e07141240bed2488eb247288ec5fbd90b11137825e06e360cdccffe09557be679f07d54493e47ae1ecbc9998c139fe3e80ba729f257b6a677ed7892aefa67903095a9e1048a299772302b069408e4cc3df8bc05c7b4c02560057df4d398b04756d154cd6821d6ce6a1bd654cbf88347a1a82f95960f8ac6c8fdaadd134b69dfdebf140f02486cdb0d44e502a7a91944b68c6e4641376eae2067c34ba5e96bc28a954c64fc056fa8100b60b3296da66e835ccf3705731a2fe1c664baba6b272e12dc5f78b55c52c9eaffb2388788eabd144a2411bb6551ad803a44c2d627174b4f3f67fd4e5be388efc037cc58c7a12999a64aa3d548b06d259e735d308fd4f7b27e386e62da4958fa7310d07107a334a6eba081d23c92f70b08847ea71effadc2735bdc4c0b31cbd241490d2317126ddb449c03f3b6ad88d3b84e9be56824e83e772b2bfd435e11100927678f39d8c61b925e7057e592a4628e4649971a47731415cf36c1849c5d74577fdc867e8fa0cafce9026bec941a9cd2192e99953d1f16281903a258bb79b1ca5e8e06c3ac79baaa5c914836e29189b16608539faf43c45c2ec2ed70e8aa34991697b72c9440fe37e146b241d8187ebd9e0b7d5d2a905738559d39b8938d905ed67563a841194a03e37177ec66cbf1464367623fdece58df336717231b16f9d502a14a9035f6615526c63031af1766e954490f53e656979b87fe399220198c9a295fd95db28c7a130db507d08b969ee0381d0e9b8309dad16a181f24d64a01c9e89c3f25bf606cb7276f5a994102e87ac2680d2498c6c4908a9779ee1568f33f0e0b044f8f4b3abdba489adfef7c18ffd96dd48e1b26dd3fa4af3f3a2e2156b9b6d50f92f34294378de5273fba993a34458931f264f99148512230a39ab2e6566b95323979152abd520b5b68ff23573a5cfd787e53ed0f648b511b61ce64d1a4b80a11486bdd3c8051e687bda658afa29dea206763eb224305596899003234550269f400a4dc4886cdeb9cb48f5c8b3b2be9b0dd781fc85e02f5b9d4c77410e658eb107b84855ac725749e85c14b7ebd20a89ab662b08bbdba12dbafe9cf12c79c8da6b5c279b356c28d6153b201dfe154d3caf08bc568d98bc3015aaa66864128bf95f958a7540ee3157d60c25684468cceb356610eafd4a475cb4e2220c320372b2fbe4e326d1f446fe02a5b3b07669c4e9ae94741b9731c1d12d438d9ef39d05a6587b2c2027dc186dbc2313929eb285df40f40b5b5e013d9f0590b8cea734178904450303e2d4c44d8ee2c7e6b24f2410d6721b79c45d94f4ea97a1f2c8e91dc3741347f8f5dd4e346be0630f327fe5f2458cb8ff2fbb7237b141b1aa01f8f1468a0083ee80b456135fca39d044d73abff212fbb04518a7044583e4126d9b922ad6d5722ba24ef5b2c9c76412586febc8abfbf48e1798a12f5772ff5d49544d7c52ef750f86cf47c64a3b8687cb0d319dad14629a208f40c35f4d15260a666c87c0c19c5c94c4af3af7826abbcc9b88aff64b7b17687660a488887bc3b96f7d76ee94cc253d6aae4b76a55891a2769467f1604e5ddf50d7e020033d7d520c6659c4d65b154b72823fd9e7ad7ca1746eef5f8819d936c85d0abb21c32f312776773b37fad7cdd5f7e73415be407bcdb5e9d391b24d0c8c4c632ee572fbd693006808ca26c65468e742f3e15931ef5ec766a427801af240d042d74df6cfaa9fd0de2179b5fb770e0ee6325ad455ef598b116cda9a977392d8604d0af99f37fd2b5e578464a78565cd5d9437b857b83d73191015a568745860abceaf157f5dd910ff4e69cebd9436001c09bcfdfa8727f754f391a29a3fdc65d0564d5ecbd7f1ad72a8fad9ea06fe490b0c5515c8d8c8027a5e42be223dc31f4d866ec479205b4c8f673fa0278ac0bf49009c406695c3f928dd1a9c8700df9768491397840b6a51ffc318fc84c90726ed1c41203c93a0481662812de9ae08a297ea8050128e2c6ecd84e9fd59c868203416e08a0898fd12abde4b21f8211531abc95722f043ed80b0ceb7b88441538a4f08e295e9649a7caefc7de6bdf8163a158681804ccff5051fe2d047a7f60bae8d65ebdf95812f7f10d22dd514fcb5ae1376eb297b8a06e3905770de7c6c38df664314f0abee5b0e01d073fd29051a5ab7f5362a8041d600e82d570d9b45c38dcb8c32be47fe43cb568b0668fe79066db15dbb67fff2786e8255777f224e96f0c59b8f1ea2a312b1a085a3aa1e02ae038e8ef06783646bf3d94fd16e60703275e915eb801de90b23f88b5bcdb7c02bef17bc00fa8abae2404b18532a235748a5e2a4d09a62923d08fe1425b21c1309cb863a31672ba3002809d7ffdec1ad5e43991a553c1dad16db6418000165d0280ca9bc92a3437715730140ab705e63d060a85122e8c567d85471111c1497d41934ab524660e7f5cbf441855893322f7a5613fc33fd21c13ee464a7fbaa7e70531569ae291b10bcf7a7ba47cd05a3e9f49de229352ba4493ff0b72209beea08b99b0e4bb50fc73feec417ccf63a5291ec5d4e994e681adf083ca50fad7100db16056419830168e7ce21edd04102e00c87eda00c321056597e8adb5cef0ef3b427f63dd0942e55a0ce700824ea4b3084cf0c97c6474720c0d78503eff539e3b8d1de44992a6adef6f90b72625a1961edc048f9d4b9fa81b2b13734ddbaed6900bd18fb2f029b72543fafb1f9ed0fb91b5d15d7db50fa40f4a57a874b95211c84cdacca08dece5d78faa642a4b8288b268f720c45fdf83907713e511cdd33713efb38aabbe8a7f330b8d7188a0da0de9efb0650ed7382f3883de257c3b241413ad21240944c458c4e300b694da45572e690872c4a3831b30ecfa3850569c626b81b9f663a4b256f92c9f0be6eda8dff3e9308a3f1e19e7462bb9dc194b3b33268cb01e3cf199b370fe4271e755655670b89a36a50f818839866dff41ba555ff96ba9a648c36ae9a5d3d0fe14b3a6b7b2b948d3a51c1401db1afd0407c2113504adf8701cdf0c889f6c1c0b25afd907ea6459c6a7757716821c2509779cb5892685a72a6b43bb8edfa20338cab5ddc3cfff083b48b4da53f8405df3554a40c12681eeba4c843d45eace77fca58baf6924ffab6c1b588fbb7699bf3329e7170e8b716a72e0d4087b21c48bc57a446018ab9e3dddc7a564b393038b7ec3e3d2ab4e769824182549e26f3b046ba56a174efa07d6c2c95d069f3a32a9524694e0a259bf23944beed7ca9c882d1e43176c829f618c3f18922118d48e63b02db82726219723e5ae951c9944057fc231a27e5e3acbedffe16cd3a5d75f349ce1a20d5c5bb21f351936b09d57b402026c120483ff3339dc499b8dbf7da4df431ea09257434c7a3d9f061887f0b75c69d37b673a53ca72d2050350aa7913266cf60ccfd6c95abaab6ed78c0583742b020d97bab651955fb7ed8c591126c84fb907bba509163f62d5348baa3460df50e031f9fd491e174b6b2ec1064943631ea6ebf919dae632d3e4feb1f66f2b1740d558db8d25da9ff0f7be708c23964537c9a1192b00148d2df0ddf16c8a078e0eab0da4ef74512fd415e927c9592cc6e37924f78bef8bc4c47740b642de2ee4a6c39dc91da31b50dff7f42b626831a07d3edc164e706242fc37eda3016414520ffc5107c61115e1fc32bce6c4451d122aebfd65c691fb6beff744a5c5a898d815c96736f92bb56434d3d8ac51e17a41fc526908747015a939ad710bf276dc1cb0c630c780963083c6a94bb8fd5eb3aa9375b50ebe8dc703e8bfd39ec6d198cb851dc26b53309f63816fbae06fc59be1736ccc52e7b4120b4b987b5865fef4f7c6647cae7367c26f1317f1489d754f6de358a2533f01f70687684a2b4995a55f6e4456b4f1044f40098b5a75c8887b5010b8620e54a3bb81ba6c4b6a0f6bd5a97df28f7eeceb0f1cb866a5b85554da557163e54e6605f64fda209a166db417a4b388f4c450b0df3720dfcfd061c967de17c0baa4d7a91475c3b0dc0ca6942cbd75e7734c2efa1e9020c3dd42569477afc0c3d023a31497ae06145806d93380118dc05614a4b099d23eb9445b44ffdb323a5c5e57e942dae90870b2b066ee7997503f79c58b13e191d8423f9214c7054fdcde8e67eda22d6469754e58423154337cc528236cf959a503ca1cb744ae30dd5876bfcfb7bef2be98aaa66b8db7799df3ef8ed0e6e6f74bd78533f907e3a3c43ad5051ef5b6b43c9cb21e09d08e3c9bc7c6d4098d82cc79e89c6baad5b2a8dbcc5441269bba5ef9fb6852e68b5c0ca6522e502cc4b6491b49a7e8948b3624255275be3488031a71e1ecf25fecc6342b45b35de297742d31bb08e1905fb117265b9f721eaf46e3a31c2f91c63f9ce0b8b3709c37dab239057d823158204cd9648717009e4c43774c810eb549dc5e12864ade68bf9804346bc3ef4c215005fa639aa2c7e20430856e498f6f972963d471f5c8257bfaf493bae10cac2528a88ee6d63c55b845ed66ddd9c5e531062929053c2dd64478f3842997266c12ad6f437f1f7a2afec56855499c587fd25fdd764696bfbda8eb6d1327826156f85cf7f975f05ce80340fc8020e94881267fd400549a7b9c95a5364a8ae5d86b0b589438c0118cc582975496b529cc2b327c6e7e3df98ecfa4573b1de069a658c2ac174d70131e7137e0e6b184b3b4f05e93702dea89df24219c4a622d89e3358fd52c242783e8068ce48e8aa499f5243b260510857ab2546322ee96fd3e76956a5ebaed0171258", 0x1000}, {&(0x7f0000001940)="643e361b8fc40b405e657670695ed894b502fa336b71a9ea6b393ea302cdec58e441e9c5e05a9d567aaadec9f772892d367b64e195fd1509141fc42b07cfd150f6a677bbd0942b95565f4ce597884a2547d9791a7184bc57dc8f9c91c41796900a19a4def3d35463d80c14f759ecfaf6f3a83f2e0a3c4d22b0fb0a2f51796fbc6561ba84511cdd6d69f59a56a126327329e687328eaa5fd7523dd3318d38a47c29aa3f02430bd4cacc7b58549b0227be0f99a7f46737fd0bd3", 0xb9}, {&(0x7f0000001a00)="95e775359e9b69b0011d67a25a5315fa1ff582ed8329919e7bdf842374468cf9eee29e84086fedf97ed061e01c7fbee57f1941fb1086331059ff9edded0dce9cbd8e02d81e89255915d1", 0x4a}, {&(0x7f0000001a80)="14f2fc15253b724a18d8b5a4d7786e82b48dd154b1df093bd421ca586a3d0d2d1f9574812b452e2c00f177dfe655afc9e064d6ebe267f868683d5dfef9f6e4159f57cdef847af4e04e7e9ad05398f92b9ed1bcee7b4c819910e9656e0f4a9e7f413c821dbe98d9d6c65798a008d3b30911b740757930034cd84135287dd38a6ad0578c871028b9f713718446a4a6655cd65860b1258408e00683e5859f0cf167a500b096d4c7ddbfc21da6c46ee1c902be72fb038758", 0xb6}], 0x6, &(0x7f0000001bc0)=[{0x78, 0x10f, 0x6, "25239e466716c27e1f87ede739ba58e37a54044aef92be1ab1e2ddc529beed46c24835022cb6cd74aa3359a46d1e978a3da88e8a666223f6c380c686c0cca6ba960302b4b624238be54093803db746da109333a68b955428bb8e0f7a4c2a517f136d75862c"}, {0xf0, 0x118, 0x80000001, "50742dd9769f44ba9246a7b7208b891c1d1050673b4fa6b3a3e5a4b42cb2b0bdfd3ede3317690d5fdc93f65ea10f3a1bc7100184944355d718fab5d8bde43f5009177d1ac08c37f23e5f4e5de8dbafb2ffa7667eb1b9d6323e86e7aa2efb5e5b58601f5f6ecf42197239fcc5a9bbf0e8fc4bcce15a20f56a41f6e9800436c5c82c64d1f663a1107918d1b9d616b5cce8fe7e4c5652d8696a3eb0e4d0796c7ade95e003a8219b149afcf456ddd410fa0aadc72e3176c44cc410ba3002fdf07b7e66c55fad6cb8117f7efe251fc672328d65679e230e568a2dc08b9a432a"}, {0x38, 0x107, 0x4, "a84ce2eed353b165cf9280b7d01c33cf083fb284c1d9233f61b2f27df51a0df0258436d97f"}], 0x1a0}, 0x4000050) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000001dc0)='memory.min\x00', 0x2, 0x0) perf_event_open(&(0x7f0000001f00)={0x2, 0x80, 0x1f, 0x7, 0xff, 0x4, 0x0, 0x54, 0x280ac, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={&(0x7f0000001ec0), 0x1}, 0x10100, 0x1, 0xa916, 0x4, 0x6, 0x70, 0x200, 0x0, 0x3, 0x0, 0x400}, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x3) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000002080)={@ifindex=r4, 0x2b, 0x0, 0x6, &(0x7f0000001f80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, &(0x7f0000001fc0)=[0x0, 0x0], &(0x7f0000002000)=[0x0, 0x0, 0x0], &(0x7f0000002040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000020c0)={@cgroup, 0xffffffffffffffff, 0x21, 0x8, 0x0, @prog_id, r6}, 0x20) perf_event_open$cgroup(&(0x7f0000002100)={0x4, 0x80, 0x81, 0x9, 0x3f, 0x2, 0x0, 0x4c, 0x40, 0xc, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x8, 0x1, @perf_config_ext={0x200, 0x2f}, 0x4, 0x0, 0x401, 0x3, 0x100000001, 0xd05, 0x6, 0x0, 0x3, 0x0, 0xb37}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0xfffe) r7 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000021c0)=@generic={&(0x7f0000002180)='./file0\x00', 0x0, 0x8}, 0x18) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000002500)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000002600)={0x3, 0x22, &(0x7f0000002200)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@printk={@d}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000002340)='syzkaller\x00', 0xffffffcf, 0xc2, &(0x7f0000002380)=""/194, 0x40f00, 0x9, '\x00', r4, 0x2f, 0xffffffffffffffff, 0x8, &(0x7f0000002480)={0x8, 0x1}, 0x8, 0x10, &(0x7f00000024c0)={0x0, 0x5, 0x4, 0x5}, 0x10, 0x0, r7, 0x7, &(0x7f0000002540)=[0xffffffffffffffff, r8, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000002580)=[{0x4, 0x4, 0x9, 0x2}, {0x0, 0x1, 0x4, 0xc}, {0x5, 0x5, 0x8, 0x5}, {0x1, 0x4, 0x3, 0x2}, {0x2, 0x1, 0xd, 0x3}, {0x3, 0x2, 0xe, 0x3}, {0x2, 0x5, 0xc, 0x3}], 0x10, 0x8}, 0x90) r9 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000002780)=@generic={&(0x7f0000002740)='./file0\x00', 0x0, 0x10}, 0x18) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000002a00)={0x6, 0x15, &(0x7f0000002840)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9d, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r9}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r9}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x5}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000002900)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00, 0x4d, '\x00', r5, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000002940)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000002980)={0x1, 0x9, 0x7, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000029c0)=[r8], 0x0, 0x10, 0x5}, 0x90) bpf$ITER_CREATE(0x21, &(0x7f0000000280), 0x8) syz_clone(0x8008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:30 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x42, &(0x7f0000000040), 0x3b) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x84, 0x84, 0x9, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @typedef={0x2}, @func={0x3, 0x0, 0x0, 0xc, 0x3}, @union={0x2, 0x5, 0x0, 0x5, 0x1, 0x4fb, [{0x7, 0x0, 0xe6}, {0x6, 0x1, 0x3}, {0xa, 0x2, 0x9b2c}, {0xd, 0x4, 0x3}, {0x8, 0x0, 0x6}]}, @typedef={0x2, 0x0, 0x0, 0x8, 0x3}, @func={0x9, 0x0, 0x0, 0xc, 0x1}]}, {0x0, [0x5f, 0x0, 0x30, 0x0, 0x2e, 0x2e, 0x30]}}, &(0x7f0000000180)=""/54, 0xa5, 0x36, 0x0, 0x5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r0, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000480)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6, &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xd1, &(0x7f0000000540)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000580), &(0x7f00000005c0), 0x8, 0xc, 0x8, 0x8, &(0x7f0000000600)}}, 0x10) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a40)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x2}, 0x48) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x1000, '\x00', r4, 0xffffffffffffffff, 0x5, 0x5, 0x3}, 0x48) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000800)={0x1b, 0x0, 0x0, 0xffffffff, 0x0, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x6, 0x9, &(0x7f0000000080)=@raw=[@alu={0x4, 0x0, 0x1, 0x3, 0x3, 0xfffffffffffffffe, 0xfffffffffffffff0}, @printk={@lu}], &(0x7f0000000140)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x65, '\x00', 0x0, 0x18, r3, 0x8, &(0x7f0000000300)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000440)={0x0, 0x4, 0x6, 0x5}, 0x10, r5, r0, 0x2, &(0x7f0000000880)=[r6, r7, r2], &(0x7f00000008c0)=[{0x3, 0x3, 0x2, 0x8}, {0x2, 0x4, 0xe, 0x2}], 0x10, 0x9}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000fff00000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000f80000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:30 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:31 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) (fail_nth: 1) 07:45:31 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (fail_nth: 1) 07:45:31 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000fffd0000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:31 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) [ 1747.063113][T25062] FAULT_INJECTION: forcing a failure. [ 1747.063113][T25062] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1747.068545][T25064] FAULT_INJECTION: forcing a failure. [ 1747.068545][T25064] name failslab, interval 1, probability 0, space 0, times 0 [ 1747.091051][T25064] CPU: 0 PID: 25064 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1747.102600][T25064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1747.112492][T25064] Call Trace: [ 1747.115617][T25064] [ 1747.118394][T25064] dump_stack_lvl+0x151/0x1b7 [ 1747.122908][T25064] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1747.128383][T25064] dump_stack+0x15/0x17 [ 1747.132364][T25064] should_fail+0x3c6/0x510 [ 1747.136625][T25064] __should_failslab+0xa4/0xe0 [ 1747.141218][T25064] ? dup_task_struct+0x53/0xc60 [ 1747.145917][T25064] should_failslab+0x9/0x20 [ 1747.150246][T25064] slab_pre_alloc_hook+0x37/0xd0 [ 1747.155020][T25064] ? dup_task_struct+0x53/0xc60 [ 1747.159705][T25064] kmem_cache_alloc+0x44/0x200 [ 1747.164310][T25064] dup_task_struct+0x53/0xc60 [ 1747.168821][T25064] ? __kasan_check_write+0x14/0x20 [ 1747.173768][T25064] copy_process+0x5c4/0x3290 [ 1747.178195][T25064] ? __kasan_check_write+0x14/0x20 [ 1747.183141][T25064] ? proc_fail_nth_write+0x20b/0x290 [ 1747.188260][T25064] ? selinux_file_permission+0x2c4/0x570 [ 1747.193728][T25064] ? fsnotify_perm+0x6a/0x5d0 [ 1747.198247][T25064] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1747.203273][T25064] ? vfs_write+0x9ec/0x1110 [ 1747.207623][T25064] kernel_clone+0x21e/0x9e0 [ 1747.211953][T25064] ? file_end_write+0x1c0/0x1c0 [ 1747.216641][T25064] ? create_io_thread+0x1e0/0x1e0 [ 1747.221501][T25064] ? mutex_unlock+0xb2/0x260 [ 1747.226013][T25064] ? __mutex_lock_slowpath+0x10/0x10 [ 1747.231152][T25064] __x64_sys_clone+0x23f/0x290 [ 1747.235737][T25064] ? __do_sys_vfork+0x130/0x130 [ 1747.240421][T25064] ? ksys_write+0x260/0x2c0 [ 1747.244766][T25064] ? debug_smp_processor_id+0x17/0x20 [ 1747.249972][T25064] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1747.255877][T25064] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1747.261338][T25064] do_syscall_64+0x3d/0xb0 [ 1747.265596][T25064] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1747.271319][T25064] RIP: 0033:0x7f0ca8db8da9 [ 1747.275575][T25064] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1747.295015][T25064] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1747.303258][T25064] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1747.311072][T25064] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1747.318887][T25064] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1747.326690][T25064] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 1747.334503][T25064] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1747.342322][T25064] [ 1747.345292][T25062] CPU: 1 PID: 25062 Comm: syz-executor.3 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1747.356834][T25062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1747.366721][T25062] Call Trace: [ 1747.369845][T25062] [ 1747.372630][T25062] dump_stack_lvl+0x151/0x1b7 [ 1747.377132][T25062] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1747.382724][T25062] dump_stack+0x15/0x17 [ 1747.386680][T25062] should_fail+0x3c6/0x510 [ 1747.390935][T25062] should_fail_usercopy+0x1a/0x20 [ 1747.395793][T25062] _copy_from_user+0x20/0xd0 [ 1747.400221][T25062] __sys_bpf+0x1e9/0x760 [ 1747.404298][T25062] ? fput_many+0x160/0x1b0 [ 1747.408553][T25062] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 1747.413760][T25062] ? debug_smp_processor_id+0x17/0x20 [ 1747.418970][T25062] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1747.424884][T25062] __x64_sys_bpf+0x7c/0x90 [ 1747.429122][T25062] do_syscall_64+0x3d/0xb0 [ 1747.433372][T25062] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1747.439104][T25062] RIP: 0033:0x7f50d18a4da9 [ 1747.443358][T25062] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 07:45:31 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000ff0000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:31 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) 07:45:31 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) (fail_nth: 2) [ 1747.462803][T25062] RSP: 002b:00007f50d06260c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1747.471038][T25062] RAX: ffffffffffffffda RBX: 00007f50d19d2f80 RCX: 00007f50d18a4da9 [ 1747.478851][T25062] RDX: 0000000000000080 RSI: 0000000020000880 RDI: 0000000000000005 [ 1747.486662][T25062] RBP: 00007f50d0626120 R08: 0000000000000000 R09: 0000000000000000 [ 1747.494474][T25062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1747.502286][T25062] R13: 000000000000000b R14: 00007f50d19d2f80 R15: 00007ffeb1597198 [ 1747.510105][T25062] 07:45:31 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000f0ff0000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:31 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000fdff0000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1747.531765][T25069] FAULT_INJECTION: forcing a failure. [ 1747.531765][T25069] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1747.552613][T25072] FAULT_INJECTION: forcing a failure. [ 1747.552613][T25072] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1747.570021][T25069] CPU: 0 PID: 25069 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1747.581687][T25069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1747.591654][T25069] Call Trace: [ 1747.594773][T25069] [ 1747.597551][T25069] dump_stack_lvl+0x151/0x1b7 [ 1747.602064][T25069] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1747.607530][T25069] dump_stack+0x15/0x17 [ 1747.611519][T25069] should_fail+0x3c6/0x510 [ 1747.615776][T25069] should_fail_alloc_page+0x5a/0x80 [ 1747.620835][T25069] prepare_alloc_pages+0x15c/0x700 [ 1747.623708][T25059] FAULT_INJECTION: forcing a failure. 07:45:31 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) [ 1747.623708][T25059] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1747.625758][T25069] ? __alloc_pages_bulk+0xe40/0xe40 [ 1747.625790][T25069] __alloc_pages+0x18c/0x8f0 [ 1747.625807][T25069] ? prep_new_page+0x110/0x110 [ 1747.625823][T25069] ? __this_cpu_preempt_check+0x13/0x20 [ 1747.625842][T25069] ? __mod_memcg_lruvec_state+0x11c/0x1b0 [ 1747.663603][T25069] new_slab+0x9a/0x4e0 [ 1747.667507][T25069] ___slab_alloc+0x39e/0x830 [ 1747.671929][T25069] ? dup_task_struct+0x53/0xc60 [ 1747.676614][T25069] ? dup_task_struct+0x53/0xc60 [ 1747.681313][T25069] __slab_alloc+0x4a/0x90 [ 1747.685472][T25069] ? dup_task_struct+0x53/0xc60 [ 1747.690152][T25069] kmem_cache_alloc+0x134/0x200 [ 1747.694841][T25069] dup_task_struct+0x53/0xc60 [ 1747.699352][T25069] ? __kasan_check_write+0x14/0x20 [ 1747.704298][T25069] copy_process+0x5c4/0x3290 [ 1747.708729][T25069] ? __kasan_check_write+0x14/0x20 [ 1747.713680][T25069] ? proc_fail_nth_write+0x20b/0x290 [ 1747.718803][T25069] ? selinux_file_permission+0x2c4/0x570 [ 1747.724263][T25069] ? fsnotify_perm+0x6a/0x5d0 [ 1747.728778][T25069] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1747.733722][T25069] ? vfs_write+0x9ec/0x1110 [ 1747.738064][T25069] kernel_clone+0x21e/0x9e0 [ 1747.742404][T25069] ? file_end_write+0x1c0/0x1c0 [ 1747.747095][T25069] ? create_io_thread+0x1e0/0x1e0 [ 1747.751948][T25069] ? mutex_unlock+0xb2/0x260 [ 1747.756384][T25069] ? __mutex_lock_slowpath+0x10/0x10 [ 1747.761495][T25069] __x64_sys_clone+0x23f/0x290 [ 1747.766096][T25069] ? __do_sys_vfork+0x130/0x130 [ 1747.770796][T25069] ? ksys_write+0x260/0x2c0 [ 1747.775122][T25069] ? debug_smp_processor_id+0x17/0x20 [ 1747.780329][T25069] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1747.786230][T25069] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1747.791701][T25069] do_syscall_64+0x3d/0xb0 [ 1747.795963][T25069] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1747.801682][T25069] RIP: 0033:0x7f0ca8db8da9 [ 1747.805935][T25069] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1747.825375][T25069] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1747.833619][T25069] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1747.841429][T25069] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1747.849239][T25069] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1747.857054][T25069] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 1747.864863][T25069] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1747.872688][T25069] [ 1747.875539][T25059] CPU: 1 PID: 25059 Comm: syz-executor.1 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1747.887084][T25059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1747.896976][T25059] Call Trace: [ 1747.900099][T25059] [ 1747.902887][T25059] dump_stack_lvl+0x151/0x1b7 [ 1747.907391][T25059] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1747.912861][T25059] dump_stack+0x15/0x17 [ 1747.916849][T25059] should_fail+0x3c6/0x510 [ 1747.921105][T25059] should_fail_usercopy+0x1a/0x20 [ 1747.925965][T25059] _copy_from_user+0x20/0xd0 [ 1747.930390][T25059] __sys_bpf+0x1e9/0x760 [ 1747.934473][T25059] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 1747.939681][T25059] ? __kasan_check_read+0x11/0x20 [ 1747.944542][T25059] __x64_sys_bpf+0x7c/0x90 [ 1747.948789][T25059] do_syscall_64+0x3d/0xb0 [ 1747.953047][T25059] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1747.958770][T25059] RIP: 0033:0x7f080200eda9 [ 1747.963024][T25059] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1747.982471][T25059] RSP: 002b:00007f0800d900c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1747.990734][T25059] RAX: ffffffffffffffda RBX: 00007f080213cf80 RCX: 00007f080200eda9 [ 1747.998522][T25059] RDX: 0000000000000090 RSI: 0000000020000340 RDI: 0000000000000005 [ 1748.006330][T25059] RBP: 00007f0800d90120 R08: 0000000000000000 R09: 0000000000000000 [ 1748.014230][T25059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1748.022043][T25059] R13: 000000000000000b R14: 00007f080213cf80 R15: 00007fff5759b118 [ 1748.029857][T25059] 07:45:32 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1748.034296][T25072] CPU: 0 PID: 25072 Comm: syz-executor.3 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1748.045932][T25072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1748.055826][T25072] Call Trace: [ 1748.058945][T25072] [ 1748.061724][T25072] dump_stack_lvl+0x151/0x1b7 [ 1748.066243][T25072] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1748.071704][T25072] ? kstrtouint_from_user+0x20a/0x2a0 [ 1748.076920][T25072] ? kstrtol_from_user+0x310/0x310 [ 1748.081858][T25072] ? avc_has_perm_noaudit+0x348/0x430 [ 1748.087086][T25072] dump_stack+0x15/0x17 [ 1748.091057][T25072] should_fail+0x3c6/0x510 [ 1748.095313][T25072] should_fail_usercopy+0x1a/0x20 [ 1748.100171][T25072] strncpy_from_user+0x24/0x2d0 [ 1748.104868][T25072] bpf_prog_load+0x185/0x1b50 [ 1748.109372][T25072] ? map_freeze+0x370/0x370 [ 1748.113713][T25072] ? selinux_bpf+0xcb/0x100 [ 1748.118050][T25072] ? security_bpf+0x82/0xb0 [ 1748.122388][T25072] __sys_bpf+0x4bc/0x760 [ 1748.126469][T25072] ? fput_many+0x160/0x1b0 [ 1748.130825][T25072] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 1748.136031][T25072] ? debug_smp_processor_id+0x17/0x20 [ 1748.141236][T25072] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1748.147137][T25072] __x64_sys_bpf+0x7c/0x90 [ 1748.151393][T25072] do_syscall_64+0x3d/0xb0 [ 1748.155645][T25072] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1748.161370][T25072] RIP: 0033:0x7f50d18a4da9 [ 1748.165625][T25072] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 07:45:32 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3) [ 1748.185070][T25072] RSP: 002b:00007f50d06260c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1748.193312][T25072] RAX: ffffffffffffffda RBX: 00007f50d19d2f80 RCX: 00007f50d18a4da9 [ 1748.201122][T25072] RDX: 0000000000000080 RSI: 0000000020000880 RDI: 0000000000000005 [ 1748.208932][T25072] RBP: 00007f50d0626120 R08: 0000000000000000 R09: 0000000000000000 [ 1748.216742][T25072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1748.224561][T25072] R13: 000000000000000b R14: 00007f50d19d2f80 R15: 00007ffeb1597198 [ 1748.232373][T25072] 07:45:32 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) (fail_nth: 3) [ 1748.275774][T25083] FAULT_INJECTION: forcing a failure. [ 1748.275774][T25083] name failslab, interval 1, probability 0, space 0, times 0 [ 1748.280183][T25085] FAULT_INJECTION: forcing a failure. [ 1748.280183][T25085] name failslab, interval 1, probability 0, space 0, times 0 [ 1748.304166][T25085] CPU: 0 PID: 25085 Comm: syz-executor.3 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1748.315722][T25085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1748.325612][T25085] Call Trace: [ 1748.328736][T25085] [ 1748.331514][T25085] dump_stack_lvl+0x151/0x1b7 [ 1748.336028][T25085] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1748.341494][T25085] ? _raw_spin_trylock+0xcd/0x1a0 [ 1748.346356][T25085] dump_stack+0x15/0x17 [ 1748.350348][T25085] should_fail+0x3c6/0x510 [ 1748.354600][T25085] __should_failslab+0xa4/0xe0 [ 1748.359200][T25085] should_failslab+0x9/0x20 [ 1748.363541][T25085] slab_pre_alloc_hook+0x37/0xd0 [ 1748.368312][T25085] kmem_cache_alloc_trace+0x48/0x210 [ 1748.373436][T25085] ? __get_vm_area_node+0x117/0x360 [ 1748.378468][T25085] ? handle_pte_fault+0xb5c/0x2340 [ 1748.383431][T25085] __get_vm_area_node+0x117/0x360 [ 1748.388278][T25085] __vmalloc_node_range+0xe2/0x8d0 [ 1748.393218][T25085] ? bpf_prog_alloc_no_stats+0x3b/0x2f0 [ 1748.398602][T25085] ? selinux_capset+0xf0/0xf0 [ 1748.403115][T25085] ? kstrtouint_from_user+0x20a/0x2a0 [ 1748.408323][T25085] ? kstrtol_from_user+0x310/0x310 [ 1748.413272][T25085] ? bpf_prog_alloc_no_stats+0x3b/0x2f0 [ 1748.418651][T25085] __vmalloc+0x7a/0x90 [ 1748.422558][T25085] ? bpf_prog_alloc_no_stats+0x3b/0x2f0 [ 1748.427940][T25085] bpf_prog_alloc_no_stats+0x3b/0x2f0 [ 1748.433152][T25085] ? bpf_prog_alloc+0x15/0x1e0 [ 1748.437747][T25085] bpf_prog_alloc+0x1f/0x1e0 [ 1748.442174][T25085] bpf_prog_load+0x800/0x1b50 [ 1748.446721][T25085] ? map_freeze+0x370/0x370 [ 1748.451030][T25085] ? selinux_bpf+0xcb/0x100 [ 1748.455364][T25085] ? security_bpf+0x82/0xb0 [ 1748.459705][T25085] __sys_bpf+0x4bc/0x760 [ 1748.463784][T25085] ? fput_many+0x160/0x1b0 [ 1748.468037][T25085] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 1748.473246][T25085] ? debug_smp_processor_id+0x17/0x20 [ 1748.478452][T25085] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1748.484356][T25085] __x64_sys_bpf+0x7c/0x90 [ 1748.488607][T25085] do_syscall_64+0x3d/0xb0 [ 1748.492857][T25085] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1748.498671][T25085] RIP: 0033:0x7f50d18a4da9 [ 1748.502929][T25085] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1748.522373][T25085] RSP: 002b:00007f50d06260c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1748.530611][T25085] RAX: ffffffffffffffda RBX: 00007f50d19d2f80 RCX: 00007f50d18a4da9 [ 1748.538424][T25085] RDX: 0000000000000080 RSI: 0000000020000880 RDI: 0000000000000005 [ 1748.546236][T25085] RBP: 00007f50d0626120 R08: 0000000000000000 R09: 0000000000000000 [ 1748.554045][T25085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1748.561856][T25085] R13: 000000000000000b R14: 00007f50d19d2f80 R15: 00007ffeb1597198 [ 1748.569679][T25085] 07:45:32 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000d1c41a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:32 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1748.575777][T25085] syz-executor.3: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz3,mems_allowed=0 [ 1748.578351][T25083] CPU: 0 PID: 25083 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1748.603707][T25083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1748.613579][T25083] Call Trace: [ 1748.616701][T25083] [ 1748.619480][T25083] dump_stack_lvl+0x151/0x1b7 [ 1748.623995][T25083] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1748.629471][T25083] dump_stack+0x15/0x17 [ 1748.633458][T25083] should_fail+0x3c6/0x510 [ 1748.637708][T25083] __should_failslab+0xa4/0xe0 [ 1748.642306][T25083] should_failslab+0x9/0x20 [ 1748.646644][T25083] slab_pre_alloc_hook+0x37/0xd0 [ 1748.651420][T25083] __kmalloc+0x6d/0x270 [ 1748.655413][T25083] ? security_prepare_creds+0x4d/0x140 [ 1748.660708][T25083] security_prepare_creds+0x4d/0x140 [ 1748.665826][T25083] prepare_creds+0x472/0x6a0 [ 1748.670255][T25083] copy_creds+0xf0/0x630 [ 1748.674331][T25083] ? dup_task_struct+0x7e6/0xc60 [ 1748.679106][T25083] copy_process+0x7c3/0x3290 [ 1748.683533][T25083] ? __kasan_check_write+0x14/0x20 [ 1748.688481][T25083] ? proc_fail_nth_write+0x20b/0x290 [ 1748.693599][T25083] ? selinux_file_permission+0x2c4/0x570 [ 1748.699066][T25083] ? fsnotify_perm+0x6a/0x5d0 [ 1748.703582][T25083] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1748.708529][T25083] ? vfs_write+0x9ec/0x1110 [ 1748.712875][T25083] kernel_clone+0x21e/0x9e0 [ 1748.717206][T25083] ? file_end_write+0x1c0/0x1c0 [ 1748.721894][T25083] ? create_io_thread+0x1e0/0x1e0 [ 1748.726753][T25083] ? mutex_unlock+0xb2/0x260 [ 1748.731180][T25083] ? __mutex_lock_slowpath+0x10/0x10 [ 1748.736302][T25083] __x64_sys_clone+0x23f/0x290 [ 1748.740902][T25083] ? __do_sys_vfork+0x130/0x130 [ 1748.745585][T25083] ? ksys_write+0x260/0x2c0 [ 1748.749929][T25083] ? debug_smp_processor_id+0x17/0x20 [ 1748.755133][T25083] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1748.761035][T25083] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1748.766511][T25083] do_syscall_64+0x3d/0xb0 [ 1748.770757][T25083] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1748.776484][T25083] RIP: 0033:0x7f0ca8db8da9 [ 1748.780741][T25083] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1748.800268][T25083] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1748.808511][T25083] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1748.816319][T25083] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:45:32 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:32 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1748.824134][T25083] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1748.831944][T25083] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 1748.839755][T25083] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1748.847569][T25083] [ 1748.866945][T25085] CPU: 1 PID: 25085 Comm: syz-executor.3 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 07:45:32 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4) [ 1748.878507][T25085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1748.888401][T25085] Call Trace: [ 1748.891520][T25085] [ 1748.894296][T25085] dump_stack_lvl+0x151/0x1b7 [ 1748.898814][T25085] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1748.904282][T25085] ? pr_cont_kernfs_name+0xf0/0x100 [ 1748.909314][T25085] dump_stack+0x15/0x17 [ 1748.913308][T25085] warn_alloc+0x21a/0x390 [ 1748.917473][T25085] ? zone_watermark_ok_safe+0x270/0x270 [ 1748.922855][T25085] ? kmem_cache_alloc_trace+0x115/0x210 [ 1748.923544][T25096] FAULT_INJECTION: forcing a failure. [ 1748.923544][T25096] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1748.928229][T25085] ? __get_vm_area_node+0x117/0x360 [ 1748.928262][T25085] ? __get_vm_area_node+0x347/0x360 [ 1748.928279][T25085] __vmalloc_node_range+0x2c1/0x8d0 [ 1748.928294][T25085] ? selinux_capset+0xf0/0xf0 [ 1748.960863][T25085] ? kstrtouint_from_user+0x20a/0x2a0 [ 1748.966070][T25085] ? kstrtol_from_user+0x310/0x310 [ 1748.971020][T25085] ? bpf_prog_alloc_no_stats+0x3b/0x2f0 [ 1748.976399][T25085] __vmalloc+0x7a/0x90 [ 1748.980304][T25085] ? bpf_prog_alloc_no_stats+0x3b/0x2f0 [ 1748.985687][T25085] bpf_prog_alloc_no_stats+0x3b/0x2f0 [ 1748.990892][T25085] ? bpf_prog_alloc+0x15/0x1e0 [ 1748.995496][T25085] bpf_prog_alloc+0x1f/0x1e0 [ 1748.999920][T25085] bpf_prog_load+0x800/0x1b50 [ 1749.004434][T25085] ? map_freeze+0x370/0x370 [ 1749.008772][T25085] ? selinux_bpf+0xcb/0x100 [ 1749.013111][T25085] ? security_bpf+0x82/0xb0 [ 1749.017451][T25085] __sys_bpf+0x4bc/0x760 [ 1749.021531][T25085] ? fput_many+0x160/0x1b0 [ 1749.025789][T25085] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 1749.030993][T25085] ? debug_smp_processor_id+0x17/0x20 [ 1749.036206][T25085] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1749.042100][T25085] __x64_sys_bpf+0x7c/0x90 [ 1749.046356][T25085] do_syscall_64+0x3d/0xb0 [ 1749.050604][T25085] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1749.056335][T25085] RIP: 0033:0x7f50d18a4da9 [ 1749.060584][T25085] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1749.080027][T25085] RSP: 002b:00007f50d06260c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1749.088273][T25085] RAX: ffffffffffffffda RBX: 00007f50d19d2f80 RCX: 00007f50d18a4da9 [ 1749.096258][T25085] RDX: 0000000000000080 RSI: 0000000020000880 RDI: 0000000000000005 [ 1749.104070][T25085] RBP: 00007f50d0626120 R08: 0000000000000000 R09: 0000000000000000 [ 1749.111877][T25085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1749.119693][T25085] R13: 000000000000000b R14: 00007f50d19d2f80 R15: 00007ffeb1597198 [ 1749.127505][T25085] [ 1749.130368][T25096] CPU: 0 PID: 25096 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1749.141908][T25096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1749.151803][T25096] Call Trace: [ 1749.154927][T25096] [ 1749.157704][T25096] dump_stack_lvl+0x151/0x1b7 [ 1749.162216][T25096] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1749.167687][T25096] ? arch_stack_walk+0xf3/0x140 [ 1749.172372][T25096] dump_stack+0x15/0x17 [ 1749.176712][T25096] should_fail+0x3c6/0x510 [ 1749.180969][T25096] should_fail_alloc_page+0x5a/0x80 [ 1749.186000][T25096] prepare_alloc_pages+0x15c/0x700 [ 1749.190946][T25096] ? __alloc_pages_bulk+0xe40/0xe40 [ 1749.195979][T25096] __alloc_pages+0x18c/0x8f0 [ 1749.200503][T25096] ? do_syscall_64+0x3d/0xb0 [ 1749.204932][T25096] ? prep_new_page+0x110/0x110 [ 1749.209529][T25096] __get_free_pages+0x10/0x30 [ 1749.214061][T25096] kasan_populate_vmalloc_pte+0x39/0x130 [ 1749.219512][T25096] ? __apply_to_page_range+0x8ca/0xbe0 [ 1749.224804][T25096] __apply_to_page_range+0x8dd/0xbe0 [ 1749.229924][T25096] ? kasan_populate_vmalloc+0x70/0x70 [ 1749.235132][T25096] ? kasan_populate_vmalloc+0x70/0x70 [ 1749.240346][T25096] apply_to_page_range+0x3b/0x50 [ 1749.245116][T25096] kasan_populate_vmalloc+0x65/0x70 [ 1749.250148][T25096] alloc_vmap_area+0x192f/0x1a80 [ 1749.254924][T25096] ? vm_map_ram+0xa90/0xa90 [ 1749.259260][T25096] ? kmem_cache_alloc_trace+0x115/0x210 [ 1749.264728][T25096] ? __get_vm_area_node+0x117/0x360 [ 1749.269763][T25096] __get_vm_area_node+0x158/0x360 [ 1749.274626][T25096] __vmalloc_node_range+0xe2/0x8d0 [ 1749.280010][T25096] ? copy_process+0x5c4/0x3290 [ 1749.284613][T25096] ? slab_post_alloc_hook+0x72/0x2c0 [ 1749.289819][T25096] ? dup_task_struct+0x53/0xc60 [ 1749.294509][T25096] ? dup_task_struct+0x53/0xc60 [ 1749.299194][T25096] dup_task_struct+0x416/0xc60 [ 1749.303794][T25096] ? copy_process+0x5c4/0x3290 [ 1749.308531][T25096] ? __kasan_check_write+0x14/0x20 [ 1749.313476][T25096] copy_process+0x5c4/0x3290 [ 1749.317904][T25096] ? __kasan_check_write+0x14/0x20 [ 1749.322850][T25096] ? proc_fail_nth_write+0x20b/0x290 [ 1749.327970][T25096] ? selinux_file_permission+0x2c4/0x570 [ 1749.333437][T25096] ? fsnotify_perm+0x6a/0x5d0 [ 1749.337949][T25096] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1749.342913][T25096] ? vfs_write+0x9ec/0x1110 [ 1749.347247][T25096] kernel_clone+0x21e/0x9e0 [ 1749.351578][T25096] ? file_end_write+0x1c0/0x1c0 [ 1749.356264][T25096] ? create_io_thread+0x1e0/0x1e0 [ 1749.361123][T25096] ? mutex_unlock+0xb2/0x260 [ 1749.365554][T25096] ? __mutex_lock_slowpath+0x10/0x10 [ 1749.370674][T25096] __x64_sys_clone+0x23f/0x290 [ 1749.375273][T25096] ? __do_sys_vfork+0x130/0x130 [ 1749.379958][T25096] ? ksys_write+0x260/0x2c0 [ 1749.384301][T25096] ? debug_smp_processor_id+0x17/0x20 [ 1749.389507][T25096] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1749.395408][T25096] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1749.400877][T25096] do_syscall_64+0x3d/0xb0 [ 1749.405143][T25096] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1749.410870][T25096] RIP: 0033:0x7f0ca8db8da9 [ 1749.415231][T25096] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1749.434751][T25096] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1749.443018][T25096] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1749.450812][T25096] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1749.458616][T25096] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1749.466437][T25096] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 1749.474240][T25096] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1749.482067][T25096] [ 1749.486007][T25085] Mem-Info: [ 1749.499434][T25085] active_anon:12107 inactive_anon:114342 isolated_anon:0 [ 1749.499434][T25085] active_file:4712 inactive_file:10125 isolated_file:0 [ 1749.499434][T25085] unevictable:0 dirty:227 writeback:0 [ 1749.499434][T25085] slab_reclaimable:12901 slab_unreclaimable:71656 [ 1749.499434][T25085] mapped:26027 shmem:12976 pagetables:782 bounce:0 07:45:33 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000a0032000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:33 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5) 07:45:33 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x2, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:33 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x3, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1749.499434][T25085] kernel_misc_reclaimable:0 [ 1749.499434][T25085] free:1444659 free_pcp:21652 free_cma:0 [ 1749.550942][T25085] Node 0 active_anon:48428kB inactive_anon:457268kB active_file:18848kB inactive_file:40500kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:104108kB dirty:908kB writeback:0kB shmem:51904kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:5468kB pagetables:2928kB all_unreclaimable? no 07:45:33 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:33 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000001000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1749.589835][T25085] DMA32 free:2967700kB min:62592kB low:78240kB high:93888kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2981436kB mlocked:0kB bounce:0kB free_pcp:5404kB local_pcp:5124kB free_cma:0kB [ 1749.618160][T25085] lowmem_reserve[]: 0 3941 3941 [ 1749.623477][T25108] FAULT_INJECTION: forcing a failure. [ 1749.623477][T25108] name failslab, interval 1, probability 0, space 0, times 0 [ 1749.636818][T25085] Normal free:2810024kB min:84860kB low:106072kB high:127284kB reserved_highatomic:0KB active_anon:48428kB inactive_anon:457368kB active_file:18848kB inactive_file:40500kB unevictable:0kB writepending:908kB present:5242880kB managed:4035848kB mlocked:0kB bounce:0kB free_pcp:82164kB local_pcp:29460kB free_cma:0kB [ 1749.666426][T25108] CPU: 1 PID: 25108 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1749.678075][T25108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1749.687962][T25108] Call Trace: [ 1749.691083][T25108] [ 1749.693867][T25108] dump_stack_lvl+0x151/0x1b7 [ 1749.698378][T25108] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1749.703840][T25108] ? ida_alloc_range+0x987/0xa80 [ 1749.708613][T25108] ? kfree+0x1f3/0x220 [ 1749.712518][T25108] ? xas_nomem+0x19a/0x1d0 [ 1749.716769][T25108] dump_stack+0x15/0x17 [ 1749.720767][T25108] should_fail+0x3c6/0x510 [ 1749.725019][T25108] __should_failslab+0xa4/0xe0 [ 1749.729625][T25108] should_failslab+0x9/0x20 [ 1749.733956][T25108] slab_pre_alloc_hook+0x37/0xd0 [ 1749.738730][T25108] ? setup_userns_sysctls+0x55/0x340 [ 1749.743851][T25108] __kmalloc_track_caller+0x6c/0x260 [ 1749.748970][T25108] ? setup_userns_sysctls+0x55/0x340 [ 1749.754092][T25108] kmemdup+0x24/0x50 [ 1749.757826][T25108] setup_userns_sysctls+0x55/0x340 [ 1749.762780][T25108] create_user_ns+0x1230/0x19d0 [ 1749.767459][T25108] ? utsns_owner+0x40/0x40 [ 1749.771713][T25108] ? security_prepare_creds+0x102/0x140 [ 1749.777093][T25108] ? prepare_creds+0x486/0x6a0 [ 1749.781701][T25108] copy_creds+0x20e/0x630 [ 1749.785856][T25108] ? dup_task_struct+0x7e6/0xc60 [ 1749.790637][T25108] copy_process+0x7c3/0x3290 [ 1749.795066][T25108] ? __kasan_check_write+0x14/0x20 [ 1749.800004][T25108] ? proc_fail_nth_write+0x20b/0x290 [ 1749.805127][T25108] ? selinux_file_permission+0x2c4/0x570 [ 1749.810592][T25108] ? fsnotify_perm+0x6a/0x5d0 [ 1749.815107][T25108] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1749.820053][T25108] ? vfs_write+0x9ec/0x1110 [ 1749.824397][T25108] kernel_clone+0x21e/0x9e0 [ 1749.828735][T25108] ? file_end_write+0x1c0/0x1c0 [ 1749.833420][T25108] ? create_io_thread+0x1e0/0x1e0 [ 1749.838280][T25108] ? mutex_unlock+0xb2/0x260 [ 1749.842707][T25108] ? __mutex_lock_slowpath+0x10/0x10 [ 1749.847834][T25108] __x64_sys_clone+0x23f/0x290 [ 1749.852433][T25108] ? __do_sys_vfork+0x130/0x130 [ 1749.857113][T25108] ? ksys_write+0x260/0x2c0 [ 1749.861453][T25108] ? debug_smp_processor_id+0x17/0x20 [ 1749.866661][T25108] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1749.872563][T25108] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1749.878031][T25108] do_syscall_64+0x3d/0xb0 [ 1749.882285][T25108] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1749.888011][T25108] RIP: 0033:0x7f0ca8db8da9 [ 1749.892267][T25108] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1749.911793][T25108] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1749.920035][T25108] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1749.927844][T25108] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:45:33 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x4, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1749.935660][T25108] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1749.943471][T25108] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 1749.951456][T25108] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1749.959271][T25108] [ 1749.969258][T25085] lowmem_reserve[]: 0 0 0 07:45:33 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x6, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1749.979336][T25085] DMA32: 71*4kB (UM) 69*8kB (UM) 67*16kB (UM) 69*32kB (UM) 70*64kB (UM) 72*128kB (UM) 73*256kB (UM) 71*512kB (UM) 69*1024kB (UM) 3*2048kB (M) 688*4096kB (UM) = 2967700kB [ 1749.996694][T25085] Normal: 11094*4kB (UME) 5216*8kB (UME) 3041*16kB (UME) 1900*32kB (UME) 1788*64kB (UME) 1046*128kB (UME) 503*256kB (UME) 263*512kB (UME) 221*1024kB (UME) 30*2048kB (UME) 443*4096kB (U) = 2809576kB [ 1750.023567][T25085] 27420 total pagecache pages [ 1750.034484][T25085] 0 pages in swap cache 07:45:34 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000101000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:34 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x7, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:34 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6) 07:45:34 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) [ 1750.041028][T25085] Swap cache stats: add 0, delete 0, find 0/0 [ 1750.047665][T25085] Free swap = 124996kB [ 1750.054755][T25085] Total swap = 124996kB [ 1750.063786][T25085] 2097051 pages RAM [ 1750.080777][T25085] 0 pages HighMem/MovableOnly 07:45:34 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x8, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:34 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:34 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:34 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x9, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1750.092982][T25085] 342730 pages reserved [ 1750.104612][T25085] 0 pages cma reserved [ 1750.121714][T25125] FAULT_INJECTION: forcing a failure. [ 1750.121714][T25125] name failslab, interval 1, probability 0, space 0, times 0 [ 1750.136615][T25125] CPU: 0 PID: 25125 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1750.148348][T25125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1750.158240][T25125] Call Trace: [ 1750.161362][T25125] [ 1750.164139][T25125] dump_stack_lvl+0x151/0x1b7 [ 1750.168652][T25125] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1750.174139][T25125] dump_stack+0x15/0x17 [ 1750.178115][T25125] should_fail+0x3c6/0x510 [ 1750.182387][T25125] __should_failslab+0xa4/0xe0 [ 1750.186966][T25125] should_failslab+0x9/0x20 [ 1750.191304][T25125] slab_pre_alloc_hook+0x37/0xd0 [ 1750.196079][T25125] __kmalloc+0x6d/0x270 [ 1750.200070][T25125] ? __register_sysctl_table+0xea/0x1240 [ 1750.205540][T25125] __register_sysctl_table+0xea/0x1240 [ 1750.210833][T25125] ? memcpy+0x56/0x70 [ 1750.214652][T25125] setup_userns_sysctls+0x2b1/0x340 [ 1750.219686][T25125] create_user_ns+0x1230/0x19d0 [ 1750.224376][T25125] ? utsns_owner+0x40/0x40 [ 1750.228626][T25125] ? security_prepare_creds+0x102/0x140 [ 1750.234182][T25125] ? prepare_creds+0x486/0x6a0 [ 1750.238780][T25125] copy_creds+0x20e/0x630 [ 1750.242945][T25125] ? dup_task_struct+0x7e6/0xc60 [ 1750.247728][T25125] copy_process+0x7c3/0x3290 [ 1750.252150][T25125] ? __kasan_check_write+0x14/0x20 [ 1750.257093][T25125] ? proc_fail_nth_write+0x20b/0x290 [ 1750.262214][T25125] ? selinux_file_permission+0x2c4/0x570 [ 1750.267693][T25125] ? fsnotify_perm+0x6a/0x5d0 [ 1750.272194][T25125] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1750.277142][T25125] ? vfs_write+0x9ec/0x1110 [ 1750.281486][T25125] kernel_clone+0x21e/0x9e0 [ 1750.285821][T25125] ? file_end_write+0x1c0/0x1c0 [ 1750.290509][T25125] ? create_io_thread+0x1e0/0x1e0 [ 1750.295369][T25125] ? mutex_unlock+0xb2/0x260 [ 1750.299793][T25125] ? __mutex_lock_slowpath+0x10/0x10 [ 1750.304920][T25125] __x64_sys_clone+0x23f/0x290 [ 1750.309517][T25125] ? __do_sys_vfork+0x130/0x130 [ 1750.314200][T25125] ? ksys_write+0x260/0x2c0 [ 1750.318541][T25125] ? debug_smp_processor_id+0x17/0x20 [ 1750.323854][T25125] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1750.329740][T25125] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1750.335221][T25125] do_syscall_64+0x3d/0xb0 [ 1750.339456][T25125] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1750.345185][T25125] RIP: 0033:0x7f0ca8db8da9 [ 1750.349440][T25125] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1750.368886][T25125] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1750.377125][T25125] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1750.384936][T25125] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:45:34 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0xa, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1750.392747][T25125] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1750.400557][T25125] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 1750.408369][T25125] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1750.416185][T25125] 07:45:34 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x2, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:34 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0xb, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:34 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7) 07:45:34 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000002000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:34 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:34 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0xc, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:34 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x3, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1750.497126][T25139] FAULT_INJECTION: forcing a failure. [ 1750.497126][T25139] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1750.514658][T25139] CPU: 1 PID: 25139 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1750.526219][T25139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1750.536226][T25139] Call Trace: [ 1750.539355][T25139] [ 1750.542126][T25139] dump_stack_lvl+0x151/0x1b7 [ 1750.546635][T25139] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1750.552101][T25139] ? __stack_depot_save+0x34/0x470 [ 1750.557056][T25139] ? __kasan_slab_alloc+0x63/0xe0 [ 1750.561922][T25139] dump_stack+0x15/0x17 [ 1750.565902][T25139] should_fail+0x3c6/0x510 [ 1750.570154][T25139] should_fail_alloc_page+0x5a/0x80 [ 1750.575201][T25139] prepare_alloc_pages+0x15c/0x700 [ 1750.580138][T25139] ? __alloc_pages_bulk+0xe40/0xe40 [ 1750.585171][T25139] __alloc_pages+0x18c/0x8f0 [ 1750.589595][T25139] ? prep_new_page+0x110/0x110 [ 1750.594198][T25139] ? __kasan_kmalloc+0x9/0x10 [ 1750.598709][T25139] ? __kmalloc+0x13a/0x270 [ 1750.602962][T25139] ? __vmalloc_node_range+0x2d6/0x8d0 [ 1750.608171][T25139] __vmalloc_node_range+0x482/0x8d0 [ 1750.613224][T25139] dup_task_struct+0x416/0xc60 [ 1750.617802][T25139] ? copy_process+0x5c4/0x3290 [ 1750.622404][T25139] ? __kasan_check_write+0x14/0x20 [ 1750.627349][T25139] copy_process+0x5c4/0x3290 [ 1750.631779][T25139] ? __kasan_check_write+0x14/0x20 [ 1750.636724][T25139] ? proc_fail_nth_write+0x20b/0x290 [ 1750.641848][T25139] ? selinux_file_permission+0x2c4/0x570 [ 1750.647311][T25139] ? fsnotify_perm+0x6a/0x5d0 [ 1750.651827][T25139] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1750.656771][T25139] ? vfs_write+0x9ec/0x1110 [ 1750.661112][T25139] kernel_clone+0x21e/0x9e0 [ 1750.665452][T25139] ? file_end_write+0x1c0/0x1c0 [ 1750.670136][T25139] ? create_io_thread+0x1e0/0x1e0 [ 1750.674997][T25139] ? mutex_unlock+0xb2/0x260 [ 1750.679425][T25139] ? __mutex_lock_slowpath+0x10/0x10 [ 1750.684546][T25139] __x64_sys_clone+0x23f/0x290 [ 1750.689148][T25139] ? __do_sys_vfork+0x130/0x130 [ 1750.693839][T25139] ? ksys_write+0x260/0x2c0 [ 1750.698171][T25139] ? debug_smp_processor_id+0x17/0x20 [ 1750.703395][T25139] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1750.709281][T25139] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1750.714752][T25139] do_syscall_64+0x3d/0xb0 [ 1750.719001][T25139] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1750.724731][T25139] RIP: 0033:0x7f0ca8db8da9 [ 1750.728985][T25139] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1750.748424][T25139] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1750.756667][T25139] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1750.764480][T25139] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1750.772462][T25139] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1750.780281][T25139] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 1750.788086][T25139] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 07:45:34 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0xd, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:34 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8) 07:45:34 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x4, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1750.795900][T25139] 07:45:34 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0xe, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:34 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x6, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1750.841304][T25151] FAULT_INJECTION: forcing a failure. [ 1750.841304][T25151] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1750.858352][T25151] CPU: 0 PID: 25151 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1750.869911][T25151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1750.879804][T25151] Call Trace: [ 1750.882923][T25151] [ 1750.885719][T25151] dump_stack_lvl+0x151/0x1b7 [ 1750.890215][T25151] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1750.895680][T25151] ? __stack_depot_save+0x34/0x470 [ 1750.900629][T25151] ? __kasan_slab_alloc+0x63/0xe0 [ 1750.905495][T25151] dump_stack+0x15/0x17 [ 1750.909482][T25151] should_fail+0x3c6/0x510 [ 1750.913736][T25151] should_fail_alloc_page+0x5a/0x80 [ 1750.918770][T25151] prepare_alloc_pages+0x15c/0x700 [ 1750.923720][T25151] ? __alloc_pages_bulk+0xe40/0xe40 [ 1750.928752][T25151] __alloc_pages+0x18c/0x8f0 [ 1750.933179][T25151] ? prep_new_page+0x110/0x110 [ 1750.937780][T25151] ? __kasan_kmalloc+0x9/0x10 [ 1750.942288][T25151] ? __kmalloc+0x13a/0x270 [ 1750.946540][T25151] ? __vmalloc_node_range+0x2d6/0x8d0 [ 1750.951749][T25151] __vmalloc_node_range+0x482/0x8d0 [ 1750.956788][T25151] dup_task_struct+0x416/0xc60 [ 1750.961385][T25151] ? copy_process+0x5c4/0x3290 [ 1750.965985][T25151] ? __kasan_check_write+0x14/0x20 [ 1750.970929][T25151] copy_process+0x5c4/0x3290 [ 1750.975360][T25151] ? __kasan_check_write+0x14/0x20 [ 1750.980305][T25151] ? proc_fail_nth_write+0x20b/0x290 [ 1750.985427][T25151] ? selinux_file_permission+0x2c4/0x570 [ 1750.990894][T25151] ? fsnotify_perm+0x6a/0x5d0 [ 1750.995409][T25151] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1751.000354][T25151] ? vfs_write+0x9ec/0x1110 [ 1751.004692][T25151] kernel_clone+0x21e/0x9e0 [ 1751.009033][T25151] ? file_end_write+0x1c0/0x1c0 [ 1751.013721][T25151] ? create_io_thread+0x1e0/0x1e0 [ 1751.018576][T25151] ? mutex_unlock+0xb2/0x260 [ 1751.023004][T25151] ? __mutex_lock_slowpath+0x10/0x10 [ 1751.028127][T25151] __x64_sys_clone+0x23f/0x290 [ 1751.032730][T25151] ? __do_sys_vfork+0x130/0x130 [ 1751.037414][T25151] ? ksys_write+0x260/0x2c0 [ 1751.041753][T25151] ? debug_smp_processor_id+0x17/0x20 [ 1751.046984][T25151] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1751.052865][T25151] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1751.058357][T25151] do_syscall_64+0x3d/0xb0 [ 1751.062581][T25151] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1751.068314][T25151] RIP: 0033:0x7f0ca8db8da9 [ 1751.072565][T25151] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 07:45:35 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9) [ 1751.092022][T25151] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1751.100249][T25151] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1751.108060][T25151] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1751.115871][T25151] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1751.123684][T25151] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 1751.131674][T25151] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1751.139523][T25151] 07:45:35 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x7, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:35 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:35 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x8, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:35 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0xf, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:35 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000003000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1751.157176][T25160] FAULT_INJECTION: forcing a failure. [ 1751.157176][T25160] name failslab, interval 1, probability 0, space 0, times 0 [ 1751.195354][T25160] CPU: 0 PID: 25160 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1751.206910][T25160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1751.216804][T25160] Call Trace: [ 1751.219952][T25160] [ 1751.222704][T25160] dump_stack_lvl+0x151/0x1b7 [ 1751.227216][T25160] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1751.232689][T25160] ? avc_has_perm_noaudit+0x348/0x430 [ 1751.237894][T25160] dump_stack+0x15/0x17 [ 1751.241883][T25160] should_fail+0x3c6/0x510 [ 1751.246140][T25160] __should_failslab+0xa4/0xe0 [ 1751.250737][T25160] ? dup_fd+0x72/0xb00 [ 1751.254815][T25160] should_failslab+0x9/0x20 [ 1751.259200][T25160] slab_pre_alloc_hook+0x37/0xd0 [ 1751.263945][T25160] ? dup_fd+0x72/0xb00 [ 1751.267834][T25160] kmem_cache_alloc+0x44/0x200 [ 1751.272437][T25160] dup_fd+0x72/0xb00 [ 1751.276166][T25160] ? avc_has_perm+0x16f/0x260 [ 1751.280691][T25160] ? avc_has_perm_noaudit+0x430/0x430 [ 1751.285977][T25160] copy_files+0xe6/0x200 [ 1751.290055][T25160] ? perf_event_attrs+0x30/0x30 [ 1751.294747][T25160] ? dup_task_struct+0xc60/0xc60 [ 1751.299515][T25160] ? security_task_alloc+0xf9/0x130 [ 1751.304550][T25160] copy_process+0x1080/0x3290 [ 1751.309064][T25160] ? proc_fail_nth_write+0x20b/0x290 [ 1751.314184][T25160] ? fsnotify_perm+0x6a/0x5d0 [ 1751.318697][T25160] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1751.323641][T25160] ? vfs_write+0x9ec/0x1110 [ 1751.327982][T25160] kernel_clone+0x21e/0x9e0 [ 1751.332322][T25160] ? file_end_write+0x1c0/0x1c0 [ 1751.337008][T25160] ? create_io_thread+0x1e0/0x1e0 [ 1751.341868][T25160] ? mutex_unlock+0xb2/0x260 [ 1751.346296][T25160] ? __mutex_lock_slowpath+0x10/0x10 [ 1751.351416][T25160] __x64_sys_clone+0x23f/0x290 [ 1751.356015][T25160] ? __do_sys_vfork+0x130/0x130 [ 1751.360703][T25160] ? ksys_write+0x260/0x2c0 [ 1751.365043][T25160] ? debug_smp_processor_id+0x17/0x20 [ 1751.370251][T25160] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1751.376150][T25160] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1751.381619][T25160] do_syscall_64+0x3d/0xb0 [ 1751.385871][T25160] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1751.391616][T25160] RIP: 0033:0x7f0ca8db8da9 [ 1751.395856][T25160] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1751.415313][T25160] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1751.423538][T25160] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1751.431349][T25160] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1751.439160][T25160] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1751.446971][T25160] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 07:45:35 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x9, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:35 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10) 07:45:35 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x10, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:35 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0xa, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1751.454781][T25160] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1751.462603][T25160] [ 1751.484454][T25174] FAULT_INJECTION: forcing a failure. [ 1751.484454][T25174] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1751.503534][T25174] CPU: 1 PID: 25174 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1751.515111][T25174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1751.524980][T25174] Call Trace: [ 1751.528104][T25174] [ 1751.530880][T25174] dump_stack_lvl+0x151/0x1b7 [ 1751.535392][T25174] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1751.540859][T25174] ? __stack_depot_save+0x34/0x470 [ 1751.545807][T25174] dump_stack+0x15/0x17 [ 1751.549804][T25174] should_fail+0x3c6/0x510 [ 1751.554053][T25174] should_fail_alloc_page+0x5a/0x80 [ 1751.559086][T25174] prepare_alloc_pages+0x15c/0x700 [ 1751.564031][T25174] ? __alloc_pages+0x8f0/0x8f0 [ 1751.568653][T25174] ? __alloc_pages_bulk+0xe40/0xe40 [ 1751.573667][T25174] __alloc_pages+0x18c/0x8f0 [ 1751.578094][T25174] ? prep_new_page+0x110/0x110 [ 1751.582692][T25174] ? __kasan_kmalloc+0x9/0x10 [ 1751.587207][T25174] ? __kmalloc+0x13a/0x270 [ 1751.591460][T25174] ? __vmalloc_node_range+0x2d6/0x8d0 [ 1751.596666][T25174] __vmalloc_node_range+0x482/0x8d0 [ 1751.601704][T25174] dup_task_struct+0x416/0xc60 [ 1751.606300][T25174] ? copy_process+0x5c4/0x3290 [ 1751.610902][T25174] ? __kasan_check_write+0x14/0x20 [ 1751.615848][T25174] copy_process+0x5c4/0x3290 [ 1751.620274][T25174] ? __kasan_check_write+0x14/0x20 [ 1751.625258][T25174] ? proc_fail_nth_write+0x20b/0x290 [ 1751.630346][T25174] ? selinux_file_permission+0x2c4/0x570 [ 1751.635812][T25174] ? fsnotify_perm+0x6a/0x5d0 [ 1751.640322][T25174] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1751.645270][T25174] ? vfs_write+0x9ec/0x1110 [ 1751.649609][T25174] kernel_clone+0x21e/0x9e0 [ 1751.653947][T25174] ? file_end_write+0x1c0/0x1c0 [ 1751.658633][T25174] ? create_io_thread+0x1e0/0x1e0 [ 1751.663493][T25174] ? mutex_unlock+0xb2/0x260 [ 1751.667924][T25174] ? __mutex_lock_slowpath+0x10/0x10 [ 1751.673045][T25174] __x64_sys_clone+0x23f/0x290 [ 1751.677645][T25174] ? __do_sys_vfork+0x130/0x130 [ 1751.682327][T25174] ? ksys_write+0x260/0x2c0 [ 1751.686671][T25174] ? debug_smp_processor_id+0x17/0x20 [ 1751.691875][T25174] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1751.697782][T25174] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1751.703247][T25174] do_syscall_64+0x3d/0xb0 [ 1751.707501][T25174] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1751.713226][T25174] RIP: 0033:0x7f0ca8db8da9 [ 1751.717483][T25174] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1751.737440][T25174] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1751.745685][T25174] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 07:45:35 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x11, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:35 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0xb, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:35 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x12, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:35 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11) 07:45:35 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0xc, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1751.753496][T25174] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1751.761320][T25174] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1751.769121][T25174] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1751.776976][T25174] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1751.784752][T25174] 07:45:35 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0xd, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:35 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0xe, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:35 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x13, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1751.843082][T25187] FAULT_INJECTION: forcing a failure. [ 1751.843082][T25187] name failslab, interval 1, probability 0, space 0, times 0 [ 1751.871636][T25187] CPU: 0 PID: 25187 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1751.883195][T25187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1751.893092][T25187] Call Trace: [ 1751.896212][T25187] [ 1751.898991][T25187] dump_stack_lvl+0x151/0x1b7 [ 1751.903594][T25187] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1751.909069][T25187] ? __kasan_kmalloc+0x9/0x10 [ 1751.913660][T25187] ? alloc_fdtable+0xaf/0x2a0 [ 1751.918170][T25187] ? dup_fd+0x759/0xb00 [ 1751.922163][T25187] ? copy_files+0xe6/0x200 [ 1751.926416][T25187] ? kernel_clone+0x21e/0x9e0 [ 1751.930926][T25187] ? __x64_sys_clone+0x23f/0x290 [ 1751.935705][T25187] ? do_syscall_64+0x3d/0xb0 [ 1751.940128][T25187] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1751.946031][T25187] dump_stack+0x15/0x17 [ 1751.950025][T25187] should_fail+0x3c6/0x510 [ 1751.954276][T25187] __should_failslab+0xa4/0xe0 [ 1751.958877][T25187] should_failslab+0x9/0x20 [ 1751.963224][T25187] slab_pre_alloc_hook+0x37/0xd0 [ 1751.968087][T25187] __kmalloc+0x6d/0x270 [ 1751.972075][T25187] ? kvmalloc_node+0x1f0/0x4d0 [ 1751.976668][T25187] kvmalloc_node+0x1f0/0x4d0 [ 1751.981095][T25187] ? vm_mmap+0xb0/0xb0 [ 1751.985012][T25187] ? __kasan_kmalloc+0x9/0x10 [ 1751.989515][T25187] ? kmem_cache_alloc_trace+0x115/0x210 [ 1751.994894][T25187] ? alloc_fdtable+0xaf/0x2a0 [ 1751.999408][T25187] alloc_fdtable+0xeb/0x2a0 [ 1752.003750][T25187] dup_fd+0x759/0xb00 [ 1752.007568][T25187] ? avc_has_perm+0x16f/0x260 [ 1752.012081][T25187] copy_files+0xe6/0x200 [ 1752.016158][T25187] ? perf_event_attrs+0x30/0x30 [ 1752.020844][T25187] ? dup_task_struct+0xc60/0xc60 [ 1752.025617][T25187] ? security_task_alloc+0xf9/0x130 [ 1752.030652][T25187] copy_process+0x1080/0x3290 [ 1752.035168][T25187] ? proc_fail_nth_write+0x20b/0x290 [ 1752.040287][T25187] ? fsnotify_perm+0x6a/0x5d0 [ 1752.044799][T25187] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1752.049745][T25187] ? vfs_write+0x9ec/0x1110 [ 1752.054086][T25187] kernel_clone+0x21e/0x9e0 [ 1752.058424][T25187] ? file_end_write+0x1c0/0x1c0 [ 1752.063113][T25187] ? create_io_thread+0x1e0/0x1e0 [ 1752.067970][T25187] ? mutex_unlock+0xb2/0x260 [ 1752.072399][T25187] ? __mutex_lock_slowpath+0x10/0x10 [ 1752.077521][T25187] __x64_sys_clone+0x23f/0x290 [ 1752.082121][T25187] ? __do_sys_vfork+0x130/0x130 [ 1752.086806][T25187] ? ksys_write+0x260/0x2c0 [ 1752.091147][T25187] ? debug_smp_processor_id+0x17/0x20 [ 1752.096354][T25187] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1752.102254][T25187] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1752.107722][T25187] do_syscall_64+0x3d/0xb0 [ 1752.111976][T25187] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1752.117704][T25187] RIP: 0033:0x7f0ca8db8da9 [ 1752.121957][T25187] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 07:45:36 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0xf, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:36 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:36 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12) 07:45:36 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000004000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:36 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x10, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1752.141398][T25187] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1752.149643][T25187] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1752.157464][T25187] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1752.165277][T25187] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1752.173273][T25187] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1752.181536][T25187] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1752.189352][T25187] [ 1752.225248][T25204] FAULT_INJECTION: forcing a failure. [ 1752.225248][T25204] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1752.239262][T25204] CPU: 0 PID: 25204 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1752.250810][T25204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1752.260699][T25204] Call Trace: [ 1752.263824][T25204] [ 1752.266601][T25204] dump_stack_lvl+0x151/0x1b7 [ 1752.271114][T25204] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1752.276580][T25204] ? __stack_depot_save+0x34/0x470 [ 1752.281527][T25204] dump_stack+0x15/0x17 [ 1752.285541][T25204] should_fail+0x3c6/0x510 [ 1752.289772][T25204] should_fail_alloc_page+0x5a/0x80 [ 1752.294809][T25204] prepare_alloc_pages+0x15c/0x700 [ 1752.299753][T25204] ? __alloc_pages+0x8f0/0x8f0 [ 1752.304357][T25204] ? __alloc_pages_bulk+0xe40/0xe40 [ 1752.309409][T25204] __alloc_pages+0x18c/0x8f0 [ 1752.313814][T25204] ? prep_new_page+0x110/0x110 [ 1752.318417][T25204] ? __kasan_kmalloc+0x9/0x10 [ 1752.322928][T25204] ? __kmalloc+0x13a/0x270 [ 1752.327185][T25204] ? __vmalloc_node_range+0x2d6/0x8d0 [ 1752.332389][T25204] __vmalloc_node_range+0x482/0x8d0 [ 1752.337424][T25204] dup_task_struct+0x416/0xc60 [ 1752.342022][T25204] ? copy_process+0x5c4/0x3290 [ 1752.346622][T25204] ? __kasan_check_write+0x14/0x20 [ 1752.351588][T25204] copy_process+0x5c4/0x3290 [ 1752.355995][T25204] ? __kasan_check_write+0x14/0x20 [ 1752.360940][T25204] ? proc_fail_nth_write+0x20b/0x290 [ 1752.366065][T25204] ? selinux_file_permission+0x2c4/0x570 [ 1752.371530][T25204] ? fsnotify_perm+0x6a/0x5d0 [ 1752.376045][T25204] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1752.380990][T25204] ? vfs_write+0x9ec/0x1110 [ 1752.385330][T25204] kernel_clone+0x21e/0x9e0 [ 1752.389668][T25204] ? file_end_write+0x1c0/0x1c0 [ 1752.394358][T25204] ? create_io_thread+0x1e0/0x1e0 [ 1752.399217][T25204] ? mutex_unlock+0xb2/0x260 [ 1752.403645][T25204] ? __mutex_lock_slowpath+0x10/0x10 [ 1752.408774][T25204] __x64_sys_clone+0x23f/0x290 [ 1752.413363][T25204] ? __do_sys_vfork+0x130/0x130 [ 1752.418047][T25204] ? ksys_write+0x260/0x2c0 [ 1752.422393][T25204] ? debug_smp_processor_id+0x17/0x20 [ 1752.427597][T25204] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1752.433502][T25204] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1752.438966][T25204] do_syscall_64+0x3d/0xb0 [ 1752.443220][T25204] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1752.448948][T25204] RIP: 0033:0x7f0ca8db8da9 [ 1752.453201][T25204] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 07:45:36 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x14, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:36 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13) [ 1752.472648][T25204] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1752.481235][T25204] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1752.489044][T25204] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1752.496856][T25204] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1752.504669][T25204] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1752.512478][T25204] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1752.520465][T25204] 07:45:36 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x11, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:36 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x15, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1752.544413][T25210] FAULT_INJECTION: forcing a failure. [ 1752.544413][T25210] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1752.575471][T25210] CPU: 1 PID: 25210 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1752.587033][T25210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1752.596927][T25210] Call Trace: [ 1752.600051][T25210] [ 1752.602827][T25210] dump_stack_lvl+0x151/0x1b7 [ 1752.607339][T25210] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1752.612807][T25210] ? __stack_depot_save+0x34/0x470 [ 1752.617755][T25210] dump_stack+0x15/0x17 [ 1752.621748][T25210] should_fail+0x3c6/0x510 [ 1752.626000][T25210] should_fail_alloc_page+0x5a/0x80 [ 1752.631031][T25210] prepare_alloc_pages+0x15c/0x700 [ 1752.636071][T25210] ? __alloc_pages_bulk+0xe40/0xe40 [ 1752.641108][T25210] __alloc_pages+0x18c/0x8f0 [ 1752.645529][T25210] ? prep_new_page+0x110/0x110 [ 1752.650128][T25210] ? __kasan_kmalloc+0x9/0x10 [ 1752.654641][T25210] ? __kmalloc+0x13a/0x270 [ 1752.658893][T25210] ? __vmalloc_node_range+0x2d6/0x8d0 [ 1752.664109][T25210] __vmalloc_node_range+0x482/0x8d0 [ 1752.669139][T25210] dup_task_struct+0x416/0xc60 [ 1752.673738][T25210] ? copy_process+0x5c4/0x3290 [ 1752.678334][T25210] ? __kasan_check_write+0x14/0x20 [ 1752.683301][T25210] copy_process+0x5c4/0x3290 [ 1752.687713][T25210] ? __kasan_check_write+0x14/0x20 [ 1752.692654][T25210] ? proc_fail_nth_write+0x20b/0x290 [ 1752.697775][T25210] ? selinux_file_permission+0x2c4/0x570 [ 1752.703246][T25210] ? fsnotify_perm+0x6a/0x5d0 [ 1752.707758][T25210] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1752.712706][T25210] ? vfs_write+0x9ec/0x1110 [ 1752.717047][T25210] kernel_clone+0x21e/0x9e0 [ 1752.721383][T25210] ? file_end_write+0x1c0/0x1c0 [ 1752.726082][T25210] ? create_io_thread+0x1e0/0x1e0 [ 1752.730936][T25210] ? mutex_unlock+0xb2/0x260 [ 1752.735361][T25210] ? __mutex_lock_slowpath+0x10/0x10 [ 1752.740481][T25210] __x64_sys_clone+0x23f/0x290 [ 1752.745078][T25210] ? __do_sys_vfork+0x130/0x130 [ 1752.749767][T25210] ? ksys_write+0x260/0x2c0 [ 1752.754106][T25210] ? debug_smp_processor_id+0x17/0x20 [ 1752.759310][T25210] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1752.765213][T25210] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1752.770682][T25210] do_syscall_64+0x3d/0xb0 [ 1752.774934][T25210] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1752.780692][T25210] RIP: 0033:0x7f0ca8db8da9 [ 1752.784920][T25210] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1752.804366][T25210] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1752.812617][T25210] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1752.820417][T25210] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1752.828223][T25210] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1752.836054][T25210] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 07:45:36 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x12, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:36 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x16, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:36 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x17, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:36 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:36 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x13, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:36 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000005000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:36 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x18, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1752.843850][T25210] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1752.851683][T25210] 07:45:36 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14) 07:45:36 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x14, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:36 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x19, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1752.933678][T25232] FAULT_INJECTION: forcing a failure. [ 1752.933678][T25232] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1752.958939][T25232] CPU: 0 PID: 25232 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1752.970507][T25232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1752.980404][T25232] Call Trace: 07:45:36 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x15, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1752.983525][T25232] [ 1752.986305][T25232] dump_stack_lvl+0x151/0x1b7 [ 1752.990819][T25232] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1752.996369][T25232] ? __stack_depot_save+0x34/0x470 [ 1753.001441][T25232] dump_stack+0x15/0x17 [ 1753.005432][T25232] should_fail+0x3c6/0x510 [ 1753.009686][T25232] should_fail_alloc_page+0x5a/0x80 [ 1753.014720][T25232] prepare_alloc_pages+0x15c/0x700 [ 1753.019669][T25232] ? __alloc_pages_bulk+0xe40/0xe40 [ 1753.024700][T25232] __alloc_pages+0x18c/0x8f0 [ 1753.029126][T25232] ? prep_new_page+0x110/0x110 [ 1753.033727][T25232] ? __kasan_kmalloc+0x9/0x10 [ 1753.038239][T25232] ? __kmalloc+0x13a/0x270 [ 1753.042492][T25232] ? __vmalloc_node_range+0x2d6/0x8d0 [ 1753.047701][T25232] __vmalloc_node_range+0x482/0x8d0 [ 1753.052735][T25232] dup_task_struct+0x416/0xc60 [ 1753.057333][T25232] ? copy_process+0x5c4/0x3290 [ 1753.061932][T25232] ? __kasan_check_write+0x14/0x20 [ 1753.066881][T25232] copy_process+0x5c4/0x3290 [ 1753.071307][T25232] ? __kasan_check_write+0x14/0x20 [ 1753.076253][T25232] ? proc_fail_nth_write+0x20b/0x290 [ 1753.081372][T25232] ? selinux_file_permission+0x2c4/0x570 [ 1753.086841][T25232] ? fsnotify_perm+0x6a/0x5d0 [ 1753.091354][T25232] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1753.096301][T25232] ? vfs_write+0x9ec/0x1110 [ 1753.100643][T25232] kernel_clone+0x21e/0x9e0 [ 1753.104980][T25232] ? file_end_write+0x1c0/0x1c0 [ 1753.109669][T25232] ? create_io_thread+0x1e0/0x1e0 [ 1753.114527][T25232] ? mutex_unlock+0xb2/0x260 [ 1753.118955][T25232] ? __mutex_lock_slowpath+0x10/0x10 [ 1753.124173][T25232] __x64_sys_clone+0x23f/0x290 [ 1753.128762][T25232] ? __do_sys_vfork+0x130/0x130 [ 1753.133446][T25232] ? ksys_write+0x260/0x2c0 [ 1753.137788][T25232] ? debug_smp_processor_id+0x17/0x20 [ 1753.142996][T25232] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1753.148899][T25232] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1753.154403][T25232] do_syscall_64+0x3d/0xb0 [ 1753.158621][T25232] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1753.164346][T25232] RIP: 0033:0x7f0ca8db8da9 [ 1753.168603][T25232] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1753.188049][T25232] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1753.196311][T25232] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1753.204117][T25232] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1753.211911][T25232] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1753.219720][T25232] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 07:45:37 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x16, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:37 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x1a, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:37 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000006000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:37 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x17, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:37 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x1b, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:37 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15) [ 1753.227528][T25232] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1753.235352][T25232] 07:45:37 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x18, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:37 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x0, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) [ 1753.293524][T25251] FAULT_INJECTION: forcing a failure. [ 1753.293524][T25251] name failslab, interval 1, probability 0, space 0, times 0 [ 1753.313632][T25251] CPU: 1 PID: 25251 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1753.325209][T25251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1753.335118][T25251] Call Trace: [ 1753.338240][T25251] [ 1753.340999][T25251] dump_stack_lvl+0x151/0x1b7 [ 1753.345511][T25251] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1753.350977][T25251] ? vmap_pages_range_noflush+0x7d5/0x800 [ 1753.356536][T25251] dump_stack+0x15/0x17 [ 1753.360525][T25251] should_fail+0x3c6/0x510 [ 1753.364780][T25251] __should_failslab+0xa4/0xe0 [ 1753.369379][T25251] ? prepare_creds+0x2f/0x6a0 [ 1753.373909][T25251] should_failslab+0x9/0x20 [ 1753.378235][T25251] slab_pre_alloc_hook+0x37/0xd0 [ 1753.383005][T25251] ? prepare_creds+0x2f/0x6a0 [ 1753.387518][T25251] kmem_cache_alloc+0x44/0x200 [ 1753.392119][T25251] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 1753.397412][T25251] prepare_creds+0x2f/0x6a0 [ 1753.401751][T25251] copy_creds+0xf0/0x630 [ 1753.405831][T25251] ? dup_task_struct+0x7e6/0xc60 [ 1753.410610][T25251] copy_process+0x7c3/0x3290 [ 1753.415035][T25251] ? __kasan_check_write+0x14/0x20 [ 1753.419977][T25251] ? proc_fail_nth_write+0x20b/0x290 [ 1753.425099][T25251] ? selinux_file_permission+0x2c4/0x570 [ 1753.430569][T25251] ? fsnotify_perm+0x6a/0x5d0 [ 1753.435110][T25251] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1753.440032][T25251] ? vfs_write+0x9ec/0x1110 [ 1753.444370][T25251] kernel_clone+0x21e/0x9e0 [ 1753.448705][T25251] ? file_end_write+0x1c0/0x1c0 [ 1753.453393][T25251] ? create_io_thread+0x1e0/0x1e0 [ 1753.458252][T25251] ? mutex_unlock+0xb2/0x260 [ 1753.462681][T25251] ? __mutex_lock_slowpath+0x10/0x10 [ 1753.467800][T25251] __x64_sys_clone+0x23f/0x290 [ 1753.472414][T25251] ? __do_sys_vfork+0x130/0x130 [ 1753.477085][T25251] ? ksys_write+0x260/0x2c0 [ 1753.481428][T25251] ? debug_smp_processor_id+0x17/0x20 [ 1753.486632][T25251] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1753.492536][T25251] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1753.498003][T25251] do_syscall_64+0x3d/0xb0 [ 1753.502273][T25251] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1753.507984][T25251] RIP: 0033:0x7f0ca8db8da9 [ 1753.512241][T25251] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1753.531680][T25251] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 07:45:37 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x19, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:37 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x1c, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:37 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16) [ 1753.539922][T25251] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1753.547732][T25251] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1753.555547][T25251] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1753.563355][T25251] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1753.571185][T25251] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1753.578986][T25251] 07:45:37 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000007000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:37 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x1a, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1753.625063][T25263] FAULT_INJECTION: forcing a failure. [ 1753.625063][T25263] name failslab, interval 1, probability 0, space 0, times 0 [ 1753.644377][T25263] CPU: 1 PID: 25263 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1753.655945][T25263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1753.665837][T25263] Call Trace: [ 1753.668963][T25263] [ 1753.671753][T25263] dump_stack_lvl+0x151/0x1b7 [ 1753.676255][T25263] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1753.681720][T25263] dump_stack+0x15/0x17 [ 1753.685712][T25263] should_fail+0x3c6/0x510 [ 1753.689962][T25263] __should_failslab+0xa4/0xe0 [ 1753.694558][T25263] ? prepare_creds+0x2f/0x6a0 [ 1753.699073][T25263] should_failslab+0x9/0x20 [ 1753.703413][T25263] slab_pre_alloc_hook+0x37/0xd0 [ 1753.708188][T25263] ? prepare_creds+0x2f/0x6a0 [ 1753.712711][T25263] kmem_cache_alloc+0x44/0x200 [ 1753.717301][T25263] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 1753.722594][T25263] prepare_creds+0x2f/0x6a0 [ 1753.726934][T25263] copy_creds+0xf0/0x630 [ 1753.731012][T25263] ? dup_task_struct+0x7e6/0xc60 [ 1753.735930][T25263] copy_process+0x7c3/0x3290 [ 1753.740353][T25263] ? __kasan_check_write+0x14/0x20 [ 1753.745292][T25263] ? proc_fail_nth_write+0x20b/0x290 [ 1753.750414][T25263] ? selinux_file_permission+0x2c4/0x570 [ 1753.755899][T25263] ? fsnotify_perm+0x6a/0x5d0 [ 1753.760399][T25263] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1753.765338][T25263] ? vfs_write+0x9ec/0x1110 [ 1753.769682][T25263] kernel_clone+0x21e/0x9e0 [ 1753.774024][T25263] ? file_end_write+0x1c0/0x1c0 [ 1753.778883][T25263] ? create_io_thread+0x1e0/0x1e0 [ 1753.783738][T25263] ? mutex_unlock+0xb2/0x260 [ 1753.788178][T25263] ? __mutex_lock_slowpath+0x10/0x10 [ 1753.793312][T25263] __x64_sys_clone+0x23f/0x290 [ 1753.797913][T25263] ? __do_sys_vfork+0x130/0x130 [ 1753.802575][T25263] ? ksys_write+0x260/0x2c0 [ 1753.806914][T25263] ? debug_smp_processor_id+0x17/0x20 [ 1753.812119][T25263] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1753.818022][T25263] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1753.823492][T25263] do_syscall_64+0x3d/0xb0 [ 1753.827745][T25263] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1753.833471][T25263] RIP: 0033:0x7f0ca8db8da9 [ 1753.837748][T25263] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1753.857175][T25263] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1753.865418][T25263] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 07:45:37 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x0, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:37 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x1d, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:37 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x1b, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:37 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17) 07:45:37 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000008000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1753.873234][T25263] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1753.881047][T25263] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1753.888847][T25263] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1753.896655][T25263] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1753.904474][T25263] 07:45:37 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x1c, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1753.932491][T25271] FAULT_INJECTION: forcing a failure. [ 1753.932491][T25271] name failslab, interval 1, probability 0, space 0, times 0 [ 1753.954929][T25271] CPU: 0 PID: 25271 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1753.966597][T25271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1753.976493][T25271] Call Trace: [ 1753.979606][T25271] [ 1753.982403][T25271] dump_stack_lvl+0x151/0x1b7 [ 1753.986900][T25271] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1753.992368][T25271] dump_stack+0x15/0x17 [ 1753.996360][T25271] should_fail+0x3c6/0x510 [ 1754.000613][T25271] __should_failslab+0xa4/0xe0 [ 1754.005211][T25271] should_failslab+0x9/0x20 [ 1754.009551][T25271] slab_pre_alloc_hook+0x37/0xd0 [ 1754.014340][T25271] __kmalloc+0x6d/0x270 [ 1754.018326][T25271] ? security_prepare_creds+0x4d/0x140 [ 1754.023613][T25271] security_prepare_creds+0x4d/0x140 [ 1754.028733][T25271] prepare_creds+0x472/0x6a0 [ 1754.033158][T25271] copy_creds+0xf0/0x630 [ 1754.037235][T25271] ? dup_task_struct+0x7e6/0xc60 [ 1754.042011][T25271] copy_process+0x7c3/0x3290 [ 1754.046439][T25271] ? __kasan_check_write+0x14/0x20 [ 1754.051384][T25271] ? proc_fail_nth_write+0x20b/0x290 [ 1754.056679][T25271] ? selinux_file_permission+0x2c4/0x570 [ 1754.062161][T25271] ? fsnotify_perm+0x6a/0x5d0 [ 1754.066661][T25271] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1754.071780][T25271] ? vfs_write+0x9ec/0x1110 [ 1754.076219][T25271] kernel_clone+0x21e/0x9e0 [ 1754.080546][T25271] ? file_end_write+0x1c0/0x1c0 [ 1754.085233][T25271] ? create_io_thread+0x1e0/0x1e0 [ 1754.090096][T25271] ? mutex_unlock+0xb2/0x260 [ 1754.094520][T25271] ? __mutex_lock_slowpath+0x10/0x10 [ 1754.099641][T25271] __x64_sys_clone+0x23f/0x290 [ 1754.104243][T25271] ? __do_sys_vfork+0x130/0x130 [ 1754.108925][T25271] ? ksys_write+0x260/0x2c0 [ 1754.113267][T25271] ? debug_smp_processor_id+0x17/0x20 [ 1754.118474][T25271] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1754.124376][T25271] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1754.129844][T25271] do_syscall_64+0x3d/0xb0 [ 1754.134104][T25271] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1754.139828][T25271] RIP: 0033:0x7f0ca8db8da9 [ 1754.144079][T25271] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1754.163711][T25271] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1754.171938][T25271] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 07:45:38 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x1e, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:38 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x1d, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:38 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18) [ 1754.179748][T25271] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1754.187557][T25271] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1754.195370][T25271] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1754.203213][T25271] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1754.211003][T25271] 07:45:38 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x1e, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:38 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x21, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1754.246388][T25282] FAULT_INJECTION: forcing a failure. [ 1754.246388][T25282] name failslab, interval 1, probability 0, space 0, times 0 [ 1754.267585][T25282] CPU: 0 PID: 25282 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1754.279423][T25282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1754.289308][T25282] Call Trace: [ 1754.292443][T25282] [ 1754.295207][T25282] dump_stack_lvl+0x151/0x1b7 [ 1754.299719][T25282] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1754.305188][T25282] ? _find_next_bit+0x1b9/0x200 [ 1754.310136][T25282] ? xas_nomem+0x19a/0x1d0 [ 1754.314388][T25282] dump_stack+0x15/0x17 [ 1754.318466][T25282] should_fail+0x3c6/0x510 [ 1754.322722][T25282] __should_failslab+0xa4/0xe0 [ 1754.327324][T25282] should_failslab+0x9/0x20 [ 1754.331746][T25282] slab_pre_alloc_hook+0x37/0xd0 [ 1754.336519][T25282] ? setup_userns_sysctls+0x55/0x340 [ 1754.341641][T25282] __kmalloc_track_caller+0x6c/0x260 [ 1754.346761][T25282] ? setup_userns_sysctls+0x55/0x340 [ 1754.351881][T25282] kmemdup+0x24/0x50 [ 1754.355614][T25282] setup_userns_sysctls+0x55/0x340 [ 1754.360561][T25282] create_user_ns+0x1230/0x19d0 [ 1754.365249][T25282] ? utsns_owner+0x40/0x40 [ 1754.369500][T25282] ? security_prepare_creds+0x102/0x140 [ 1754.374880][T25282] ? prepare_creds+0x486/0x6a0 [ 1754.379481][T25282] copy_creds+0x20e/0x630 [ 1754.383644][T25282] ? dup_task_struct+0x7e6/0xc60 [ 1754.388424][T25282] copy_process+0x7c3/0x3290 [ 1754.392884][T25282] ? __kasan_check_write+0x14/0x20 [ 1754.397912][T25282] ? proc_fail_nth_write+0x20b/0x290 [ 1754.403022][T25282] ? selinux_file_permission+0x2c4/0x570 [ 1754.408488][T25282] ? fsnotify_perm+0x6a/0x5d0 [ 1754.412999][T25282] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1754.417947][T25282] ? vfs_write+0x9ec/0x1110 [ 1754.422293][T25282] kernel_clone+0x21e/0x9e0 [ 1754.426628][T25282] ? file_end_write+0x1c0/0x1c0 [ 1754.431313][T25282] ? create_io_thread+0x1e0/0x1e0 [ 1754.436172][T25282] ? mutex_unlock+0xb2/0x260 [ 1754.440603][T25282] ? __mutex_lock_slowpath+0x10/0x10 [ 1754.445721][T25282] __x64_sys_clone+0x23f/0x290 [ 1754.450322][T25282] ? __do_sys_vfork+0x130/0x130 [ 1754.455021][T25282] ? ksys_write+0x260/0x2c0 [ 1754.459350][T25282] ? debug_smp_processor_id+0x17/0x20 [ 1754.464555][T25282] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1754.470474][T25282] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1754.475925][T25282] do_syscall_64+0x3d/0xb0 [ 1754.480181][T25282] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1754.485906][T25282] RIP: 0033:0x7f0ca8db8da9 [ 1754.490160][T25282] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1754.509602][T25282] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1754.518056][T25282] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1754.525882][T25282] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1754.533748][T25282] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 07:45:38 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x0, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:38 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000108000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:38 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x21, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:38 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x22, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1754.541561][T25282] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1754.549371][T25282] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1754.557195][T25282] 07:45:38 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x22, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:38 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="180800000000000000000000000a000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:38 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x23, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:38 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x23, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:38 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:38 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x1608, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:38 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) 07:45:38 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0xf4240, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:38 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x3, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:38 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0xf4240, &(0x7f0000000340)={0xc, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1754.690637][T25311] FAULT_INJECTION: forcing a failure. [ 1754.690637][T25311] name failslab, interval 1, probability 0, space 0, times 0 [ 1754.719206][T25311] CPU: 0 PID: 25311 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1754.730769][T25311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1754.740664][T25311] Call Trace: [ 1754.743781][T25311] [ 1754.746564][T25311] dump_stack_lvl+0x151/0x1b7 [ 1754.751072][T25311] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1754.756540][T25311] ? _find_next_bit+0x1b9/0x200 [ 1754.761315][T25311] ? xas_nomem+0x19a/0x1d0 [ 1754.765565][T25311] dump_stack+0x15/0x17 [ 1754.769558][T25311] should_fail+0x3c6/0x510 [ 1754.773811][T25311] __should_failslab+0xa4/0xe0 [ 1754.778413][T25311] should_failslab+0x9/0x20 [ 1754.782756][T25311] slab_pre_alloc_hook+0x37/0xd0 [ 1754.787523][T25311] ? setup_userns_sysctls+0x55/0x340 [ 1754.792646][T25311] __kmalloc_track_caller+0x6c/0x260 [ 1754.797769][T25311] ? setup_userns_sysctls+0x55/0x340 [ 1754.802890][T25311] kmemdup+0x24/0x50 [ 1754.806620][T25311] setup_userns_sysctls+0x55/0x340 [ 1754.811588][T25311] create_user_ns+0x1230/0x19d0 [ 1754.816255][T25311] ? utsns_owner+0x40/0x40 [ 1754.820505][T25311] ? security_prepare_creds+0x102/0x140 [ 1754.825887][T25311] ? prepare_creds+0x486/0x6a0 [ 1754.830601][T25311] copy_creds+0x20e/0x630 [ 1754.834768][T25311] ? dup_task_struct+0x7e6/0xc60 [ 1754.839540][T25311] copy_process+0x7c3/0x3290 [ 1754.843966][T25311] ? __kasan_check_write+0x14/0x20 [ 1754.848912][T25311] ? proc_fail_nth_write+0x20b/0x290 [ 1754.854032][T25311] ? selinux_file_permission+0x2c4/0x570 [ 1754.859504][T25311] ? fsnotify_perm+0x6a/0x5d0 [ 1754.864014][T25311] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1754.868969][T25311] ? vfs_write+0x9ec/0x1110 [ 1754.873308][T25311] kernel_clone+0x21e/0x9e0 [ 1754.877643][T25311] ? file_end_write+0x1c0/0x1c0 [ 1754.882331][T25311] ? create_io_thread+0x1e0/0x1e0 [ 1754.887187][T25311] ? mutex_unlock+0xb2/0x260 [ 1754.891614][T25311] ? __mutex_lock_slowpath+0x10/0x10 [ 1754.896736][T25311] __x64_sys_clone+0x23f/0x290 [ 1754.901337][T25311] ? __do_sys_vfork+0x130/0x130 [ 1754.906040][T25311] ? ksys_write+0x260/0x2c0 [ 1754.910375][T25311] ? debug_smp_processor_id+0x17/0x20 [ 1754.915569][T25311] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1754.921470][T25311] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1754.927041][T25311] do_syscall_64+0x3d/0xb0 [ 1754.931278][T25311] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1754.937005][T25311] RIP: 0033:0x7f0ca8db8da9 [ 1754.941263][T25311] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1754.960698][T25311] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1754.969030][T25311] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1754.976847][T25311] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:45:38 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="180800000000000000000000000c000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:38 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:38 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x4, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:38 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x2, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:39 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20) [ 1754.984665][T25311] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1754.992465][T25311] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1755.000274][T25311] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1755.008095][T25311] 07:45:39 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x5, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:39 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:39 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x6, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:39 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:39 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1755.106649][T25335] FAULT_INJECTION: forcing a failure. [ 1755.106649][T25335] name failslab, interval 1, probability 0, space 0, times 0 [ 1755.119561][T25335] CPU: 0 PID: 25335 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1755.131107][T25335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1755.140999][T25335] Call Trace: [ 1755.144120][T25335] [ 1755.146899][T25335] dump_stack_lvl+0x151/0x1b7 [ 1755.151410][T25335] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1755.156883][T25335] dump_stack+0x15/0x17 [ 1755.160871][T25335] should_fail+0x3c6/0x510 [ 1755.165138][T25335] __should_failslab+0xa4/0xe0 [ 1755.169740][T25335] should_failslab+0x9/0x20 [ 1755.174084][T25335] slab_pre_alloc_hook+0x37/0xd0 [ 1755.178838][T25335] __kmalloc+0x6d/0x270 [ 1755.182828][T25335] ? __register_sysctl_table+0xea/0x1240 [ 1755.188739][T25335] __register_sysctl_table+0xea/0x1240 [ 1755.194025][T25335] ? memcpy+0x56/0x70 [ 1755.197841][T25335] setup_userns_sysctls+0x2b1/0x340 [ 1755.202891][T25335] create_user_ns+0x1230/0x19d0 [ 1755.207564][T25335] ? utsns_owner+0x40/0x40 [ 1755.211815][T25335] ? security_prepare_creds+0x102/0x140 [ 1755.217197][T25335] ? prepare_creds+0x486/0x6a0 [ 1755.221799][T25335] copy_creds+0x20e/0x630 [ 1755.225963][T25335] ? dup_task_struct+0x7e6/0xc60 [ 1755.230757][T25335] copy_process+0x7c3/0x3290 [ 1755.235165][T25335] ? __kasan_check_write+0x14/0x20 [ 1755.240108][T25335] ? proc_fail_nth_write+0x20b/0x290 [ 1755.245229][T25335] ? selinux_file_permission+0x2c4/0x570 [ 1755.250696][T25335] ? fsnotify_perm+0x6a/0x5d0 [ 1755.255216][T25335] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1755.260159][T25335] ? vfs_write+0x9ec/0x1110 [ 1755.264501][T25335] kernel_clone+0x21e/0x9e0 [ 1755.268838][T25335] ? file_end_write+0x1c0/0x1c0 [ 1755.273525][T25335] ? create_io_thread+0x1e0/0x1e0 [ 1755.278386][T25335] ? mutex_unlock+0xb2/0x260 [ 1755.282812][T25335] ? __mutex_lock_slowpath+0x10/0x10 [ 1755.287934][T25335] __x64_sys_clone+0x23f/0x290 [ 1755.292534][T25335] ? __do_sys_vfork+0x130/0x130 [ 1755.297217][T25335] ? ksys_write+0x260/0x2c0 [ 1755.301558][T25335] ? debug_smp_processor_id+0x17/0x20 [ 1755.306762][T25335] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1755.312665][T25335] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1755.318135][T25335] do_syscall_64+0x3d/0xb0 [ 1755.322389][T25335] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1755.328119][T25335] RIP: 0033:0x7f0ca8db8da9 [ 1755.332373][T25335] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 07:45:39 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x7, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:39 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21) [ 1755.352032][T25335] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1755.360282][T25335] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1755.368073][T25335] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1755.375885][T25335] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1755.383697][T25335] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1755.391506][T25335] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1755.399326][T25335] 07:45:39 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="180800000000000000000000000d000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:39 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x8, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1755.430290][T25339] FAULT_INJECTION: forcing a failure. [ 1755.430290][T25339] name failslab, interval 1, probability 0, space 0, times 0 [ 1755.448611][T25339] CPU: 1 PID: 25339 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1755.460169][T25339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1755.470064][T25339] Call Trace: [ 1755.473210][T25339] [ 1755.475968][T25339] dump_stack_lvl+0x151/0x1b7 [ 1755.480476][T25339] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1755.485944][T25339] ? _raw_spin_unlock+0x4d/0x70 [ 1755.490629][T25339] dump_stack+0x15/0x17 [ 1755.494620][T25339] should_fail+0x3c6/0x510 [ 1755.498878][T25339] __should_failslab+0xa4/0xe0 [ 1755.503475][T25339] should_failslab+0x9/0x20 [ 1755.507814][T25339] slab_pre_alloc_hook+0x37/0xd0 [ 1755.512588][T25339] kmem_cache_alloc_trace+0x48/0x210 [ 1755.517708][T25339] ? alloc_ucounts+0x15c/0x500 [ 1755.522306][T25339] alloc_ucounts+0x15c/0x500 [ 1755.526734][T25339] ? prepare_creds+0x486/0x6a0 [ 1755.531334][T25339] copy_creds+0x344/0x630 [ 1755.535499][T25339] copy_process+0x7c3/0x3290 [ 1755.539925][T25339] ? __kasan_check_write+0x14/0x20 [ 1755.544883][T25339] ? proc_fail_nth_write+0x20b/0x290 [ 1755.549993][T25339] ? selinux_file_permission+0x2c4/0x570 [ 1755.555462][T25339] ? fsnotify_perm+0x6a/0x5d0 [ 1755.559976][T25339] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1755.564923][T25339] ? vfs_write+0x9ec/0x1110 [ 1755.569262][T25339] kernel_clone+0x21e/0x9e0 [ 1755.573601][T25339] ? file_end_write+0x1c0/0x1c0 [ 1755.578290][T25339] ? create_io_thread+0x1e0/0x1e0 [ 1755.583151][T25339] ? mutex_unlock+0xb2/0x260 [ 1755.587574][T25339] ? __mutex_lock_slowpath+0x10/0x10 [ 1755.592700][T25339] __x64_sys_clone+0x23f/0x290 [ 1755.597297][T25339] ? __do_sys_vfork+0x130/0x130 [ 1755.601982][T25339] ? ksys_write+0x260/0x2c0 [ 1755.606326][T25339] ? debug_smp_processor_id+0x17/0x20 [ 1755.611527][T25339] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1755.617432][T25339] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1755.622900][T25339] do_syscall_64+0x3d/0xb0 [ 1755.627152][T25339] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1755.632884][T25339] RIP: 0033:0x7f0ca8db8da9 [ 1755.637136][T25339] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1755.656578][T25339] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1755.664822][T25339] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1755.672629][T25339] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:45:39 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x9, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:39 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x5, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:39 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0xa, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:39 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x0, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) [ 1755.680440][T25339] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1755.688250][T25339] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1755.696063][T25339] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1755.703879][T25339] 07:45:39 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:39 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22) 07:45:39 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0xb, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1755.787094][T25358] FAULT_INJECTION: forcing a failure. [ 1755.787094][T25358] name failslab, interval 1, probability 0, space 0, times 0 [ 1755.799715][T25358] CPU: 0 PID: 25358 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1755.811257][T25358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1755.821150][T25358] Call Trace: [ 1755.824285][T25358] [ 1755.827050][T25358] dump_stack_lvl+0x151/0x1b7 [ 1755.831566][T25358] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1755.837028][T25358] ? _raw_spin_unlock+0x4d/0x70 [ 1755.841717][T25358] dump_stack+0x15/0x17 [ 1755.845710][T25358] should_fail+0x3c6/0x510 [ 1755.849962][T25358] __should_failslab+0xa4/0xe0 [ 1755.854563][T25358] should_failslab+0x9/0x20 [ 1755.858901][T25358] slab_pre_alloc_hook+0x37/0xd0 [ 1755.863673][T25358] kmem_cache_alloc_trace+0x48/0x210 [ 1755.868793][T25358] ? alloc_ucounts+0x15c/0x500 [ 1755.873398][T25358] alloc_ucounts+0x15c/0x500 [ 1755.877823][T25358] ? prepare_creds+0x486/0x6a0 [ 1755.882421][T25358] copy_creds+0x344/0x630 [ 1755.886591][T25358] copy_process+0x7c3/0x3290 [ 1755.891018][T25358] ? __kasan_check_write+0x14/0x20 [ 1755.895961][T25358] ? proc_fail_nth_write+0x20b/0x290 [ 1755.901080][T25358] ? selinux_file_permission+0x2c4/0x570 [ 1755.906551][T25358] ? fsnotify_perm+0x6a/0x5d0 [ 1755.911061][T25358] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1755.916010][T25358] ? vfs_write+0x9ec/0x1110 [ 1755.920349][T25358] kernel_clone+0x21e/0x9e0 [ 1755.924693][T25358] ? file_end_write+0x1c0/0x1c0 [ 1755.929374][T25358] ? create_io_thread+0x1e0/0x1e0 [ 1755.934242][T25358] ? mutex_unlock+0xb2/0x260 [ 1755.938664][T25358] ? __mutex_lock_slowpath+0x10/0x10 [ 1755.943783][T25358] __x64_sys_clone+0x23f/0x290 [ 1755.948470][T25358] ? __do_sys_vfork+0x130/0x130 [ 1755.953156][T25358] ? ksys_write+0x260/0x2c0 [ 1755.957497][T25358] ? debug_smp_processor_id+0x17/0x20 [ 1755.962703][T25358] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1755.968605][T25358] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1755.974073][T25358] do_syscall_64+0x3d/0xb0 [ 1755.978328][T25358] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1755.984055][T25358] RIP: 0033:0x7f0ca8db8da9 [ 1755.988307][T25358] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1756.007836][T25358] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1756.016080][T25358] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1756.023891][T25358] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:45:40 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0xc, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:40 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="180800000000000000000000000f000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:40 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0xd, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:40 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23) 07:45:40 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x0, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:40 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x7, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1756.031769][T25358] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1756.039515][T25358] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1756.047325][T25358] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1756.055140][T25358] 07:45:40 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0xe, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:40 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:40 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0xf, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:40 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x9, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:40 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000010000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:40 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x0, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:40 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x10, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:40 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xa, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:40 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:40 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xb, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:40 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x12, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:40 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x13, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:40 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x0, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:40 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xd, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:40 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000014000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:40 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x14, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1756.263680][T25392] FAULT_INJECTION: forcing a failure. [ 1756.263680][T25392] name failslab, interval 1, probability 0, space 0, times 0 [ 1756.285466][T25392] CPU: 1 PID: 25392 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1756.297030][T25392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1756.306930][T25392] Call Trace: [ 1756.310047][T25392] [ 1756.312836][T25392] dump_stack_lvl+0x151/0x1b7 [ 1756.317349][T25392] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1756.322819][T25392] ? avc_denied+0x1b0/0x1b0 [ 1756.327147][T25392] dump_stack+0x15/0x17 [ 1756.331137][T25392] should_fail+0x3c6/0x510 [ 1756.335388][T25392] __should_failslab+0xa4/0xe0 [ 1756.339986][T25392] ? vm_area_dup+0x26/0x230 [ 1756.344327][T25392] should_failslab+0x9/0x20 [ 1756.348667][T25392] slab_pre_alloc_hook+0x37/0xd0 [ 1756.353440][T25392] ? vm_area_dup+0x26/0x230 [ 1756.357780][T25392] kmem_cache_alloc+0x44/0x200 [ 1756.362383][T25392] vm_area_dup+0x26/0x230 [ 1756.366545][T25392] copy_mm+0x9a1/0x13e0 [ 1756.370539][T25392] ? copy_signal+0x610/0x610 [ 1756.374964][T25392] ? __init_rwsem+0xd6/0x1c0 [ 1756.379401][T25392] ? copy_signal+0x4e3/0x610 [ 1756.383820][T25392] copy_process+0x1149/0x3290 [ 1756.388332][T25392] ? proc_fail_nth_write+0x20b/0x290 [ 1756.393450][T25392] ? fsnotify_perm+0x6a/0x5d0 [ 1756.397963][T25392] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1756.402925][T25392] ? vfs_write+0x9ec/0x1110 [ 1756.407252][T25392] kernel_clone+0x21e/0x9e0 [ 1756.411589][T25392] ? file_end_write+0x1c0/0x1c0 [ 1756.416277][T25392] ? create_io_thread+0x1e0/0x1e0 [ 1756.421136][T25392] ? mutex_unlock+0xb2/0x260 [ 1756.425564][T25392] ? __mutex_lock_slowpath+0x10/0x10 [ 1756.430684][T25392] __x64_sys_clone+0x23f/0x290 [ 1756.435284][T25392] ? __do_sys_vfork+0x130/0x130 [ 1756.439971][T25392] ? ksys_write+0x260/0x2c0 [ 1756.444311][T25392] ? debug_smp_processor_id+0x17/0x20 [ 1756.449520][T25392] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1756.455421][T25392] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1756.460889][T25392] do_syscall_64+0x3d/0xb0 [ 1756.465139][T25392] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1756.470869][T25392] RIP: 0033:0x7f0ca8db8da9 [ 1756.475123][T25392] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1756.494563][T25392] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1756.502809][T25392] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 07:45:40 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24) 07:45:40 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x15, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:40 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x0, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) [ 1756.510671][T25392] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1756.518430][T25392] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1756.526241][T25392] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1756.534053][T25392] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1756.541869][T25392] [ 1756.570530][T25406] FAULT_INJECTION: forcing a failure. [ 1756.570530][T25406] name failslab, interval 1, probability 0, space 0, times 0 [ 1756.583631][T25406] CPU: 0 PID: 25406 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1756.595181][T25406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1756.605075][T25406] Call Trace: [ 1756.608194][T25406] [ 1756.610973][T25406] dump_stack_lvl+0x151/0x1b7 [ 1756.615486][T25406] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1756.620956][T25406] dump_stack+0x15/0x17 [ 1756.624945][T25406] should_fail+0x3c6/0x510 [ 1756.629199][T25406] __should_failslab+0xa4/0xe0 [ 1756.633801][T25406] should_failslab+0x9/0x20 [ 1756.638138][T25406] slab_pre_alloc_hook+0x37/0xd0 [ 1756.642912][T25406] kmem_cache_alloc_trace+0x48/0x210 [ 1756.648032][T25406] ? alloc_fdtable+0xaf/0x2a0 [ 1756.652546][T25406] alloc_fdtable+0xaf/0x2a0 [ 1756.656889][T25406] dup_fd+0x759/0xb00 [ 1756.660703][T25406] ? avc_has_perm+0x16f/0x260 [ 1756.665228][T25406] copy_files+0xe6/0x200 [ 1756.669298][T25406] ? perf_event_attrs+0x30/0x30 [ 1756.673983][T25406] ? dup_task_struct+0xc60/0xc60 [ 1756.678760][T25406] ? security_task_alloc+0xf9/0x130 [ 1756.683791][T25406] copy_process+0x1080/0x3290 [ 1756.688308][T25406] ? proc_fail_nth_write+0x20b/0x290 [ 1756.693428][T25406] ? fsnotify_perm+0x6a/0x5d0 [ 1756.697938][T25406] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1756.702893][T25406] ? vfs_write+0x9ec/0x1110 [ 1756.707225][T25406] kernel_clone+0x21e/0x9e0 [ 1756.711569][T25406] ? file_end_write+0x1c0/0x1c0 [ 1756.716249][T25406] ? create_io_thread+0x1e0/0x1e0 [ 1756.721111][T25406] ? mutex_unlock+0xb2/0x260 [ 1756.725536][T25406] ? __mutex_lock_slowpath+0x10/0x10 [ 1756.730666][T25406] __x64_sys_clone+0x23f/0x290 [ 1756.735269][T25406] ? __do_sys_vfork+0x130/0x130 [ 1756.739943][T25406] ? ksys_write+0x260/0x2c0 [ 1756.744284][T25406] ? debug_smp_processor_id+0x17/0x20 [ 1756.749490][T25406] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1756.755394][T25406] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1756.760862][T25406] do_syscall_64+0x3d/0xb0 [ 1756.765114][T25406] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1756.770861][T25406] RIP: 0033:0x7f0ca8db8da9 [ 1756.775097][T25406] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1756.794554][T25406] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1756.802780][T25406] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1756.810596][T25406] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:45:40 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x16, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:40 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xe, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:40 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25) [ 1756.818404][T25406] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1756.826213][T25406] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1756.834027][T25406] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1756.841845][T25406] 07:45:40 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x17, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:40 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000018000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:40 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xf, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:40 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1756.898775][T25418] FAULT_INJECTION: forcing a failure. [ 1756.898775][T25418] name failslab, interval 1, probability 0, space 0, times 0 [ 1756.925259][T25418] CPU: 0 PID: 25418 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1756.936912][T25418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1756.946804][T25418] Call Trace: [ 1756.949927][T25418] [ 1756.952703][T25418] dump_stack_lvl+0x151/0x1b7 [ 1756.957220][T25418] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1756.962680][T25418] ? __kasan_kmalloc+0x9/0x10 [ 1756.967197][T25418] ? alloc_fdtable+0xaf/0x2a0 [ 1756.971708][T25418] ? dup_fd+0x759/0xb00 [ 1756.975701][T25418] ? copy_files+0xe6/0x200 [ 1756.979954][T25418] ? kernel_clone+0x21e/0x9e0 [ 1756.984465][T25418] ? __x64_sys_clone+0x23f/0x290 [ 1756.989241][T25418] ? do_syscall_64+0x3d/0xb0 [ 1756.993666][T25418] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1756.999574][T25418] dump_stack+0x15/0x17 [ 1757.003563][T25418] should_fail+0x3c6/0x510 [ 1757.007814][T25418] __should_failslab+0xa4/0xe0 [ 1757.012415][T25418] should_failslab+0x9/0x20 [ 1757.016755][T25418] slab_pre_alloc_hook+0x37/0xd0 [ 1757.021531][T25418] __kmalloc+0x6d/0x270 [ 1757.025518][T25418] ? kvmalloc_node+0x1f0/0x4d0 [ 1757.030122][T25418] kvmalloc_node+0x1f0/0x4d0 [ 1757.034549][T25418] ? vm_mmap+0xb0/0xb0 [ 1757.038453][T25418] ? __kasan_kmalloc+0x9/0x10 [ 1757.042965][T25418] ? kmem_cache_alloc_trace+0x115/0x210 [ 1757.048345][T25418] ? alloc_fdtable+0xaf/0x2a0 [ 1757.052871][T25418] alloc_fdtable+0xeb/0x2a0 [ 1757.057200][T25418] dup_fd+0x759/0xb00 [ 1757.061189][T25418] ? avc_has_perm+0x16f/0x260 [ 1757.065749][T25418] copy_files+0xe6/0x200 [ 1757.069785][T25418] ? perf_event_attrs+0x30/0x30 [ 1757.074473][T25418] ? dup_task_struct+0xc60/0xc60 [ 1757.079245][T25418] ? security_task_alloc+0xf9/0x130 [ 1757.084279][T25418] copy_process+0x1080/0x3290 [ 1757.088849][T25418] ? proc_fail_nth_write+0x20b/0x290 [ 1757.093911][T25418] ? fsnotify_perm+0x6a/0x5d0 [ 1757.098424][T25418] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1757.103371][T25418] ? vfs_write+0x9ec/0x1110 [ 1757.107713][T25418] kernel_clone+0x21e/0x9e0 [ 1757.112056][T25418] ? file_end_write+0x1c0/0x1c0 [ 1757.116740][T25418] ? create_io_thread+0x1e0/0x1e0 [ 1757.121596][T25418] ? mutex_unlock+0xb2/0x260 [ 1757.126024][T25418] ? __mutex_lock_slowpath+0x10/0x10 [ 1757.131145][T25418] __x64_sys_clone+0x23f/0x290 [ 1757.135747][T25418] ? __do_sys_vfork+0x130/0x130 [ 1757.140431][T25418] ? ksys_write+0x260/0x2c0 [ 1757.144771][T25418] ? debug_smp_processor_id+0x17/0x20 [ 1757.149977][T25418] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1757.155881][T25418] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1757.161347][T25418] do_syscall_64+0x3d/0xb0 [ 1757.165601][T25418] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1757.171326][T25418] RIP: 0033:0x7f0ca8db8da9 [ 1757.175584][T25418] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 07:45:41 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x0, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:41 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:41 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000118000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:41 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x19, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1757.195038][T25418] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1757.203269][T25418] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1757.211080][T25418] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1757.218890][T25418] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1757.226700][T25418] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1757.234522][T25418] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1757.242328][T25418] 07:45:41 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26) 07:45:41 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1757.300833][T25435] FAULT_INJECTION: forcing a failure. [ 1757.300833][T25435] name failslab, interval 1, probability 0, space 0, times 0 [ 1757.315625][T25435] CPU: 1 PID: 25435 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1757.327194][T25435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1757.337086][T25435] Call Trace: [ 1757.340235][T25435] [ 1757.342997][T25435] dump_stack_lvl+0x151/0x1b7 [ 1757.347501][T25435] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1757.352968][T25435] dump_stack+0x15/0x17 [ 1757.356961][T25435] should_fail+0x3c6/0x510 [ 1757.361214][T25435] __should_failslab+0xa4/0xe0 [ 1757.365861][T25435] should_failslab+0x9/0x20 [ 1757.370154][T25435] slab_pre_alloc_hook+0x37/0xd0 [ 1757.374927][T25435] __kmalloc+0x6d/0x270 [ 1757.378917][T25435] ? kvmalloc_node+0x1f0/0x4d0 [ 1757.383519][T25435] kvmalloc_node+0x1f0/0x4d0 [ 1757.387946][T25435] ? vm_mmap+0xb0/0xb0 [ 1757.391850][T25435] ? __kasan_kmalloc+0x9/0x10 [ 1757.396362][T25435] ? kmem_cache_alloc_trace+0x115/0x210 [ 1757.401743][T25435] ? alloc_fdtable+0xaf/0x2a0 [ 1757.406260][T25435] alloc_fdtable+0x163/0x2a0 [ 1757.410688][T25435] dup_fd+0x759/0xb00 [ 1757.414516][T25435] ? avc_has_perm+0x16f/0x260 [ 1757.419017][T25435] copy_files+0xe6/0x200 [ 1757.423096][T25435] ? perf_event_attrs+0x30/0x30 [ 1757.427782][T25435] ? dup_task_struct+0xc60/0xc60 [ 1757.432561][T25435] ? security_task_alloc+0xf9/0x130 [ 1757.437590][T25435] copy_process+0x1080/0x3290 [ 1757.442104][T25435] ? proc_fail_nth_write+0x20b/0x290 [ 1757.447236][T25435] ? fsnotify_perm+0x6a/0x5d0 [ 1757.451742][T25435] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1757.456684][T25435] ? vfs_write+0x9ec/0x1110 [ 1757.461023][T25435] kernel_clone+0x21e/0x9e0 [ 1757.465365][T25435] ? file_end_write+0x1c0/0x1c0 [ 1757.470048][T25435] ? create_io_thread+0x1e0/0x1e0 [ 1757.474911][T25435] ? mutex_unlock+0xb2/0x260 [ 1757.479338][T25435] ? __mutex_lock_slowpath+0x10/0x10 [ 1757.484456][T25435] __x64_sys_clone+0x23f/0x290 [ 1757.489057][T25435] ? __do_sys_vfork+0x130/0x130 [ 1757.493743][T25435] ? ksys_write+0x260/0x2c0 [ 1757.498084][T25435] ? debug_smp_processor_id+0x17/0x20 [ 1757.503290][T25435] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1757.509192][T25435] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1757.514661][T25435] do_syscall_64+0x3d/0xb0 [ 1757.518913][T25435] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1757.524641][T25435] RIP: 0033:0x7f0ca8db8da9 [ 1757.528896][T25435] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 07:45:41 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x1a, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:41 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27) 07:45:41 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x12, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1757.548333][T25435] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1757.556578][T25435] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1757.564390][T25435] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1757.572203][T25435] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1757.580014][T25435] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1757.587826][T25435] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1757.595639][T25435] 07:45:41 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x0, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:41 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x1b, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:41 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x13, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:41 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000019000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1757.637948][T25440] FAULT_INJECTION: forcing a failure. [ 1757.637948][T25440] name failslab, interval 1, probability 0, space 0, times 0 [ 1757.677312][T25440] CPU: 1 PID: 25440 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1757.688874][T25440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1757.698768][T25440] Call Trace: [ 1757.701887][T25440] [ 1757.704667][T25440] dump_stack_lvl+0x151/0x1b7 [ 1757.709181][T25440] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1757.714649][T25440] dump_stack+0x15/0x17 [ 1757.718642][T25440] should_fail+0x3c6/0x510 [ 1757.722895][T25440] __should_failslab+0xa4/0xe0 [ 1757.727494][T25440] ? anon_vma_fork+0xf7/0x4e0 [ 1757.732005][T25440] should_failslab+0x9/0x20 [ 1757.736346][T25440] slab_pre_alloc_hook+0x37/0xd0 [ 1757.741121][T25440] ? anon_vma_fork+0xf7/0x4e0 [ 1757.745631][T25440] kmem_cache_alloc+0x44/0x200 [ 1757.750235][T25440] anon_vma_fork+0xf7/0x4e0 [ 1757.754570][T25440] ? anon_vma_name+0x4c/0x70 [ 1757.758997][T25440] ? vm_area_dup+0x17a/0x230 [ 1757.763424][T25440] copy_mm+0xa3a/0x13e0 [ 1757.767419][T25440] ? copy_signal+0x610/0x610 [ 1757.771842][T25440] ? __init_rwsem+0xd6/0x1c0 [ 1757.776269][T25440] ? copy_signal+0x4e3/0x610 [ 1757.780700][T25440] copy_process+0x1149/0x3290 [ 1757.785336][T25440] ? proc_fail_nth_write+0x20b/0x290 [ 1757.790441][T25440] ? fsnotify_perm+0x6a/0x5d0 [ 1757.794952][T25440] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1757.799909][T25440] ? vfs_write+0x9ec/0x1110 [ 1757.804245][T25440] kernel_clone+0x21e/0x9e0 [ 1757.808578][T25440] ? file_end_write+0x1c0/0x1c0 [ 1757.813263][T25440] ? create_io_thread+0x1e0/0x1e0 [ 1757.818127][T25440] ? mutex_unlock+0xb2/0x260 [ 1757.822553][T25440] ? __mutex_lock_slowpath+0x10/0x10 [ 1757.827785][T25440] __x64_sys_clone+0x23f/0x290 [ 1757.832359][T25440] ? __do_sys_vfork+0x130/0x130 [ 1757.837045][T25440] ? ksys_write+0x260/0x2c0 [ 1757.841398][T25440] ? debug_smp_processor_id+0x17/0x20 [ 1757.846598][T25440] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1757.852496][T25440] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1757.857960][T25440] do_syscall_64+0x3d/0xb0 [ 1757.862319][T25440] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1757.868030][T25440] RIP: 0033:0x7f0ca8db8da9 [ 1757.872282][T25440] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1757.891750][T25440] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1757.899979][T25440] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1757.907779][T25440] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1757.915590][T25440] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1757.923412][T25440] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1757.931210][T25440] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 07:45:41 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x1c, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:41 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x14, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:41 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28) [ 1757.939028][T25440] 07:45:41 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x1d, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1757.978146][T25458] FAULT_INJECTION: forcing a failure. [ 1757.978146][T25458] name failslab, interval 1, probability 0, space 0, times 0 [ 1757.993777][T25458] CPU: 0 PID: 25458 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1758.005338][T25458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1758.015236][T25458] Call Trace: [ 1758.018355][T25458] [ 1758.021132][T25458] dump_stack_lvl+0x151/0x1b7 [ 1758.025649][T25458] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1758.031120][T25458] dump_stack+0x15/0x17 [ 1758.035112][T25458] should_fail+0x3c6/0x510 [ 1758.039363][T25458] __should_failslab+0xa4/0xe0 [ 1758.043961][T25458] ? anon_vma_fork+0x1df/0x4e0 [ 1758.048560][T25458] should_failslab+0x9/0x20 [ 1758.052921][T25458] slab_pre_alloc_hook+0x37/0xd0 [ 1758.057669][T25458] ? anon_vma_fork+0x1df/0x4e0 [ 1758.062269][T25458] kmem_cache_alloc+0x44/0x200 [ 1758.066870][T25458] anon_vma_fork+0x1df/0x4e0 [ 1758.071298][T25458] copy_mm+0xa3a/0x13e0 [ 1758.075291][T25458] ? copy_signal+0x610/0x610 [ 1758.079712][T25458] ? __init_rwsem+0xd6/0x1c0 [ 1758.084461][T25458] ? copy_signal+0x4e3/0x610 [ 1758.088874][T25458] copy_process+0x1149/0x3290 [ 1758.093388][T25458] ? proc_fail_nth_write+0x20b/0x290 [ 1758.098505][T25458] ? fsnotify_perm+0x6a/0x5d0 [ 1758.103019][T25458] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1758.107963][T25458] ? vfs_write+0x9ec/0x1110 [ 1758.112304][T25458] kernel_clone+0x21e/0x9e0 [ 1758.116644][T25458] ? file_end_write+0x1c0/0x1c0 [ 1758.121329][T25458] ? create_io_thread+0x1e0/0x1e0 [ 1758.126188][T25458] ? mutex_unlock+0xb2/0x260 [ 1758.130616][T25458] ? __mutex_lock_slowpath+0x10/0x10 [ 1758.135740][T25458] __x64_sys_clone+0x23f/0x290 [ 1758.140337][T25458] ? __do_sys_vfork+0x130/0x130 [ 1758.145023][T25458] ? ksys_write+0x260/0x2c0 [ 1758.149368][T25458] ? debug_smp_processor_id+0x17/0x20 [ 1758.154569][T25458] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1758.160475][T25458] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1758.165948][T25458] do_syscall_64+0x3d/0xb0 [ 1758.170195][T25458] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1758.175931][T25458] RIP: 0033:0x7f0ca8db8da9 [ 1758.180175][T25458] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1758.199706][T25458] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1758.207953][T25458] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1758.215759][T25458] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:45:41 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x0, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:41 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x1e, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:41 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x21, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:42 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x1d04, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:42 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x15, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:42 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="180800000000000000000000001b000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:42 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29) 07:45:42 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x4000, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:42 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x16, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1758.223570][T25458] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1758.231389][T25458] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1758.239190][T25458] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1758.247009][T25458] [ 1758.290198][T25473] FAULT_INJECTION: forcing a failure. [ 1758.290198][T25473] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1758.314199][T25473] CPU: 0 PID: 25473 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1758.325759][T25473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1758.335654][T25473] Call Trace: [ 1758.338778][T25473] [ 1758.341555][T25473] dump_stack_lvl+0x151/0x1b7 [ 1758.346066][T25473] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1758.351534][T25473] dump_stack+0x15/0x17 [ 1758.355527][T25473] should_fail+0x3c6/0x510 [ 1758.359777][T25473] should_fail_alloc_page+0x5a/0x80 [ 1758.364808][T25473] prepare_alloc_pages+0x15c/0x700 [ 1758.369759][T25473] ? __alloc_pages_bulk+0xe40/0xe40 [ 1758.374794][T25473] __alloc_pages+0x18c/0x8f0 [ 1758.379217][T25473] ? prep_new_page+0x110/0x110 [ 1758.383818][T25473] get_zeroed_page+0x1b/0x40 [ 1758.388242][T25473] __pud_alloc+0x8b/0x260 [ 1758.392409][T25473] ? stack_trace_snprint+0xf0/0xf0 [ 1758.397364][T25473] ? do_handle_mm_fault+0x2330/0x2330 [ 1758.402564][T25473] ? __stack_depot_save+0x34/0x470 [ 1758.407510][T25473] ? anon_vma_clone+0x9a/0x500 [ 1758.412113][T25473] copy_page_range+0x2bcf/0x2f90 [ 1758.416884][T25473] ? __kasan_slab_alloc+0xb1/0xe0 [ 1758.421746][T25473] ? slab_post_alloc_hook+0x53/0x2c0 [ 1758.426994][T25473] ? copy_mm+0xa3a/0x13e0 [ 1758.431150][T25473] ? copy_process+0x1149/0x3290 [ 1758.435836][T25473] ? kernel_clone+0x21e/0x9e0 [ 1758.440355][T25473] ? __x64_sys_clone+0x23f/0x290 [ 1758.445122][T25473] ? do_syscall_64+0x3d/0xb0 [ 1758.449550][T25473] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1758.455454][T25473] ? pfn_valid+0x1e0/0x1e0 [ 1758.459703][T25473] ? rwsem_write_trylock+0x15b/0x290 [ 1758.464823][T25473] ? vma_interval_tree_augment_rotate+0x1d0/0x1d0 [ 1758.471072][T25473] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 1758.476626][T25473] ? __rb_insert_augmented+0x5de/0x610 [ 1758.481923][T25473] copy_mm+0xc7e/0x13e0 [ 1758.485916][T25473] ? copy_signal+0x610/0x610 [ 1758.490337][T25473] ? __init_rwsem+0xd6/0x1c0 [ 1758.494767][T25473] ? copy_signal+0x4e3/0x610 [ 1758.499193][T25473] copy_process+0x1149/0x3290 [ 1758.503707][T25473] ? proc_fail_nth_write+0x20b/0x290 [ 1758.508827][T25473] ? fsnotify_perm+0x6a/0x5d0 [ 1758.513341][T25473] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1758.518287][T25473] ? vfs_write+0x9ec/0x1110 [ 1758.522624][T25473] kernel_clone+0x21e/0x9e0 [ 1758.526965][T25473] ? file_end_write+0x1c0/0x1c0 [ 1758.531651][T25473] ? create_io_thread+0x1e0/0x1e0 [ 1758.536512][T25473] ? mutex_unlock+0xb2/0x260 [ 1758.540938][T25473] ? __mutex_lock_slowpath+0x10/0x10 [ 1758.546060][T25473] __x64_sys_clone+0x23f/0x290 [ 1758.550660][T25473] ? __do_sys_vfork+0x130/0x130 [ 1758.555344][T25473] ? ksys_write+0x260/0x2c0 [ 1758.559688][T25473] ? debug_smp_processor_id+0x17/0x20 [ 1758.564893][T25473] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1758.570796][T25473] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1758.576278][T25473] do_syscall_64+0x3d/0xb0 [ 1758.580514][T25473] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 1758.586162][T25473] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1758.591929][T25473] RIP: 0033:0x7f0ca8db8da9 [ 1758.596142][T25473] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1758.615580][T25473] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1758.623833][T25473] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1758.631636][T25473] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:45:42 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x0, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:42 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0xf4240, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:42 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2000056c, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:42 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x17, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1758.639447][T25473] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1758.647258][T25473] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1758.655067][T25473] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1758.662969][T25473] 07:45:42 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2000056d, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:42 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x0, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:42 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:42 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2000056e, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:42 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30) 07:45:42 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="180800000000000000000000001c000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:42 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2000056f, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:42 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x19, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:42 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x2, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:42 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x0, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) [ 1758.780907][T25501] FAULT_INJECTION: forcing a failure. [ 1758.780907][T25501] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1758.821009][T25501] CPU: 1 PID: 25501 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1758.832565][T25501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1758.842463][T25501] Call Trace: [ 1758.845580][T25501] [ 1758.848358][T25501] dump_stack_lvl+0x151/0x1b7 [ 1758.852872][T25501] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1758.858344][T25501] dump_stack+0x15/0x17 [ 1758.862331][T25501] should_fail+0x3c6/0x510 [ 1758.866584][T25501] should_fail_alloc_page+0x5a/0x80 [ 1758.871618][T25501] prepare_alloc_pages+0x15c/0x700 [ 1758.876566][T25501] ? __alloc_pages_bulk+0xe40/0xe40 [ 1758.881602][T25501] __alloc_pages+0x18c/0x8f0 [ 1758.886025][T25501] ? prep_new_page+0x110/0x110 [ 1758.890641][T25501] get_zeroed_page+0x1b/0x40 [ 1758.895051][T25501] __pud_alloc+0x8b/0x260 [ 1758.899218][T25501] ? stack_trace_snprint+0xf0/0xf0 [ 1758.904165][T25501] ? do_handle_mm_fault+0x2330/0x2330 [ 1758.909378][T25501] ? __stack_depot_save+0x34/0x470 [ 1758.914317][T25501] ? anon_vma_clone+0x9a/0x500 [ 1758.919442][T25501] copy_page_range+0x2bcf/0x2f90 [ 1758.924385][T25501] ? __kasan_slab_alloc+0xb1/0xe0 [ 1758.929247][T25501] ? slab_post_alloc_hook+0x53/0x2c0 [ 1758.934369][T25501] ? copy_mm+0xa3a/0x13e0 [ 1758.938534][T25501] ? copy_process+0x1149/0x3290 [ 1758.943221][T25501] ? kernel_clone+0x21e/0x9e0 [ 1758.947734][T25501] ? __x64_sys_clone+0x23f/0x290 [ 1758.952508][T25501] ? do_syscall_64+0x3d/0xb0 [ 1758.956932][T25501] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1758.962842][T25501] ? pfn_valid+0x1e0/0x1e0 [ 1758.967088][T25501] ? rwsem_write_trylock+0x15b/0x290 [ 1758.972208][T25501] ? vma_interval_tree_augment_rotate+0x1d0/0x1d0 [ 1758.978465][T25501] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 1758.984018][T25501] ? __rb_insert_augmented+0x5de/0x610 [ 1758.989310][T25501] copy_mm+0xc7e/0x13e0 [ 1758.993305][T25501] ? copy_signal+0x610/0x610 [ 1758.997725][T25501] ? __init_rwsem+0xd6/0x1c0 [ 1759.002159][T25501] ? copy_signal+0x4e3/0x610 [ 1759.006581][T25501] copy_process+0x1149/0x3290 [ 1759.011094][T25501] ? proc_fail_nth_write+0x20b/0x290 [ 1759.016300][T25501] ? fsnotify_perm+0x6a/0x5d0 [ 1759.020813][T25501] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1759.025759][T25501] ? vfs_write+0x9ec/0x1110 [ 1759.030107][T25501] kernel_clone+0x21e/0x9e0 [ 1759.034438][T25501] ? file_end_write+0x1c0/0x1c0 [ 1759.039125][T25501] ? create_io_thread+0x1e0/0x1e0 [ 1759.043988][T25501] ? mutex_unlock+0xb2/0x260 [ 1759.048412][T25501] ? __mutex_lock_slowpath+0x10/0x10 [ 1759.053536][T25501] __x64_sys_clone+0x23f/0x290 [ 1759.058134][T25501] ? __do_sys_vfork+0x130/0x130 [ 1759.062817][T25501] ? ksys_write+0x260/0x2c0 [ 1759.067158][T25501] ? debug_smp_processor_id+0x17/0x20 [ 1759.072364][T25501] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1759.078268][T25501] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1759.083737][T25501] do_syscall_64+0x3d/0xb0 [ 1759.087996][T25501] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1759.093717][T25501] RIP: 0033:0x7f0ca8db8da9 [ 1759.098061][T25501] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1759.117585][T25501] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 07:45:43 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1a, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:43 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x3, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:43 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000ffffff1f000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:43 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31) 07:45:43 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x0, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) [ 1759.125828][T25501] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1759.133642][T25501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1759.141455][T25501] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1759.149262][T25501] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1759.157075][T25501] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1759.164891][T25501] 07:45:43 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:43 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x4, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:43 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000020000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1759.233420][T25521] FAULT_INJECTION: forcing a failure. [ 1759.233420][T25521] name failslab, interval 1, probability 0, space 0, times 0 [ 1759.246983][T25521] CPU: 0 PID: 25521 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1759.258558][T25521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1759.268424][T25521] Call Trace: [ 1759.271544][T25521] [ 1759.274323][T25521] dump_stack_lvl+0x151/0x1b7 [ 1759.278833][T25521] ? sysvec_call_function_single+0x52/0xb0 [ 1759.284476][T25521] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1759.289946][T25521] ? __wake_up_klogd+0xd5/0x110 [ 1759.294633][T25521] dump_stack+0x15/0x17 [ 1759.298624][T25521] should_fail+0x3c6/0x510 [ 1759.302878][T25521] __should_failslab+0xa4/0xe0 [ 1759.307477][T25521] should_failslab+0x9/0x20 [ 1759.311816][T25521] slab_pre_alloc_hook+0x37/0xd0 [ 1759.316592][T25521] kmem_cache_alloc_trace+0x48/0x210 [ 1759.321709][T25521] ? mm_init+0x39a/0x970 [ 1759.325799][T25521] mm_init+0x39a/0x970 [ 1759.329699][T25521] copy_mm+0x1e3/0x13e0 [ 1759.333686][T25521] ? _raw_spin_lock+0xa4/0x1b0 [ 1759.338286][T25521] ? copy_signal+0x610/0x610 [ 1759.342711][T25521] ? __kasan_check_write+0x14/0x20 [ 1759.347661][T25521] ? __init_rwsem+0xd6/0x1c0 [ 1759.352085][T25521] ? copy_signal+0x4e3/0x610 [ 1759.356514][T25521] copy_process+0x1149/0x3290 [ 1759.361114][T25521] ? proc_fail_nth_write+0x20b/0x290 [ 1759.366239][T25521] ? fsnotify_perm+0x6a/0x5d0 [ 1759.370747][T25521] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1759.375696][T25521] ? vfs_write+0x9ec/0x1110 [ 1759.380046][T25521] kernel_clone+0x21e/0x9e0 [ 1759.384373][T25521] ? file_end_write+0x1c0/0x1c0 [ 1759.389078][T25521] ? create_io_thread+0x1e0/0x1e0 [ 1759.393924][T25521] ? mutex_unlock+0xb2/0x260 [ 1759.398348][T25521] ? __mutex_lock_slowpath+0x10/0x10 [ 1759.403468][T25521] __x64_sys_clone+0x23f/0x290 [ 1759.408076][T25521] ? __do_sys_vfork+0x130/0x130 [ 1759.412753][T25521] ? ksys_write+0x260/0x2c0 [ 1759.417095][T25521] ? debug_smp_processor_id+0x17/0x20 [ 1759.422303][T25521] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1759.428205][T25521] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1759.433672][T25521] do_syscall_64+0x3d/0xb0 [ 1759.437939][T25521] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1759.443658][T25521] RIP: 0033:0x7f0ca8db8da9 [ 1759.447926][T25521] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1759.467348][T25521] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1759.475686][T25521] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 07:45:43 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32) [ 1759.483489][T25521] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1759.491310][T25521] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1759.499112][T25521] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1759.506922][T25521] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1759.514746][T25521] 07:45:43 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1c, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1759.537210][T25527] FAULT_INJECTION: forcing a failure. [ 1759.537210][T25527] name failslab, interval 1, probability 0, space 0, times 0 [ 1759.549793][T25527] CPU: 1 PID: 25527 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1759.561370][T25527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1759.571234][T25527] Call Trace: [ 1759.574357][T25527] [ 1759.577131][T25527] dump_stack_lvl+0x151/0x1b7 [ 1759.581640][T25527] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1759.587111][T25527] dump_stack+0x15/0x17 [ 1759.591102][T25527] should_fail+0x3c6/0x510 [ 1759.595354][T25527] __should_failslab+0xa4/0xe0 [ 1759.599953][T25527] ? vm_area_dup+0x26/0x230 [ 1759.604291][T25527] should_failslab+0x9/0x20 [ 1759.608631][T25527] slab_pre_alloc_hook+0x37/0xd0 [ 1759.613405][T25527] ? vm_area_dup+0x26/0x230 [ 1759.617747][T25527] kmem_cache_alloc+0x44/0x200 [ 1759.622345][T25527] vm_area_dup+0x26/0x230 [ 1759.626514][T25527] copy_mm+0x9a1/0x13e0 [ 1759.630509][T25527] ? copy_signal+0x610/0x610 [ 1759.634931][T25527] ? __init_rwsem+0xd6/0x1c0 [ 1759.639385][T25527] ? copy_signal+0x4e3/0x610 [ 1759.643785][T25527] copy_process+0x1149/0x3290 [ 1759.648298][T25527] ? proc_fail_nth_write+0x20b/0x290 [ 1759.653422][T25527] ? fsnotify_perm+0x6a/0x5d0 [ 1759.657940][T25527] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1759.662880][T25527] ? vfs_write+0x9ec/0x1110 [ 1759.667225][T25527] kernel_clone+0x21e/0x9e0 [ 1759.671558][T25527] ? file_end_write+0x1c0/0x1c0 [ 1759.676244][T25527] ? create_io_thread+0x1e0/0x1e0 [ 1759.681102][T25527] ? mutex_unlock+0xb2/0x260 [ 1759.685529][T25527] ? __mutex_lock_slowpath+0x10/0x10 [ 1759.690652][T25527] __x64_sys_clone+0x23f/0x290 [ 1759.695248][T25527] ? __do_sys_vfork+0x130/0x130 [ 1759.699935][T25527] ? ksys_write+0x260/0x2c0 [ 1759.704277][T25527] ? debug_smp_processor_id+0x17/0x20 [ 1759.709485][T25527] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1759.715384][T25527] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1759.720856][T25527] do_syscall_64+0x3d/0xb0 [ 1759.725106][T25527] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1759.730833][T25527] RIP: 0033:0x7f0ca8db8da9 [ 1759.735088][T25527] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1759.754538][T25527] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1759.762774][T25527] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1759.770586][T25527] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1759.778480][T25527] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 07:45:43 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x5, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:43 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x6, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:43 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x0, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:43 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x7, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:43 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33) [ 1759.786292][T25527] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1759.794111][T25527] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1759.801929][T25527] 07:45:43 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1d, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:43 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000028000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1759.862616][T25539] FAULT_INJECTION: forcing a failure. [ 1759.862616][T25539] name failslab, interval 1, probability 0, space 0, times 0 [ 1759.875198][T25539] CPU: 1 PID: 25539 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1759.886731][T25539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1759.896628][T25539] Call Trace: [ 1759.899749][T25539] [ 1759.902528][T25539] dump_stack_lvl+0x151/0x1b7 [ 1759.907040][T25539] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1759.912511][T25539] ? __alloc_pages+0x27e/0x8f0 [ 1759.917107][T25539] dump_stack+0x15/0x17 [ 1759.921099][T25539] should_fail+0x3c6/0x510 [ 1759.925355][T25539] __should_failslab+0xa4/0xe0 [ 1759.929952][T25539] ? vm_area_dup+0x26/0x230 [ 1759.934291][T25539] should_failslab+0x9/0x20 [ 1759.938636][T25539] slab_pre_alloc_hook+0x37/0xd0 [ 1759.943409][T25539] ? vm_area_dup+0x26/0x230 [ 1759.947745][T25539] kmem_cache_alloc+0x44/0x200 [ 1759.952355][T25539] vm_area_dup+0x26/0x230 [ 1759.956511][T25539] copy_mm+0x9a1/0x13e0 [ 1759.960507][T25539] ? copy_signal+0x610/0x610 [ 1759.964929][T25539] ? __init_rwsem+0xd6/0x1c0 [ 1759.969358][T25539] ? copy_signal+0x4e3/0x610 [ 1759.973784][T25539] copy_process+0x1149/0x3290 [ 1759.978298][T25539] ? proc_fail_nth_write+0x20b/0x290 [ 1759.983416][T25539] ? fsnotify_perm+0x6a/0x5d0 [ 1759.987930][T25539] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1759.992875][T25539] ? vfs_write+0x9ec/0x1110 [ 1759.997217][T25539] kernel_clone+0x21e/0x9e0 [ 1760.001555][T25539] ? file_end_write+0x1c0/0x1c0 [ 1760.006243][T25539] ? create_io_thread+0x1e0/0x1e0 [ 1760.011101][T25539] ? mutex_unlock+0xb2/0x260 [ 1760.015703][T25539] ? __mutex_lock_slowpath+0x10/0x10 [ 1760.020823][T25539] __x64_sys_clone+0x23f/0x290 [ 1760.025447][T25539] ? __do_sys_vfork+0x130/0x130 [ 1760.030111][T25539] ? ksys_write+0x260/0x2c0 [ 1760.034453][T25539] ? debug_smp_processor_id+0x17/0x20 [ 1760.039659][T25539] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1760.045559][T25539] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1760.051032][T25539] do_syscall_64+0x3d/0xb0 [ 1760.055279][T25539] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1760.061007][T25539] RIP: 0033:0x7f0ca8db8da9 [ 1760.065269][T25539] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1760.084704][T25539] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1760.092944][T25539] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1760.100757][T25539] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:45:44 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x8, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:44 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:44 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34) [ 1760.108569][T25539] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1760.116378][T25539] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1760.124189][T25539] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1760.132007][T25539] 07:45:44 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x25, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1760.162273][T25549] FAULT_INJECTION: forcing a failure. [ 1760.162273][T25549] name failslab, interval 1, probability 0, space 0, times 0 [ 1760.185870][T25549] CPU: 1 PID: 25549 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1760.197425][T25549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1760.207315][T25549] Call Trace: [ 1760.210441][T25549] [ 1760.213217][T25549] dump_stack_lvl+0x151/0x1b7 [ 1760.217736][T25549] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1760.223215][T25549] ? avc_denied+0x1b0/0x1b0 [ 1760.227538][T25549] dump_stack+0x15/0x17 [ 1760.231532][T25549] should_fail+0x3c6/0x510 [ 1760.235785][T25549] __should_failslab+0xa4/0xe0 [ 1760.240383][T25549] ? vm_area_dup+0x26/0x230 [ 1760.244722][T25549] should_failslab+0x9/0x20 [ 1760.249148][T25549] slab_pre_alloc_hook+0x37/0xd0 [ 1760.253922][T25549] ? vm_area_dup+0x26/0x230 [ 1760.258348][T25549] kmem_cache_alloc+0x44/0x200 [ 1760.262950][T25549] vm_area_dup+0x26/0x230 [ 1760.267115][T25549] copy_mm+0x9a1/0x13e0 [ 1760.271109][T25549] ? copy_signal+0x610/0x610 [ 1760.275534][T25549] ? __init_rwsem+0xd6/0x1c0 [ 1760.279961][T25549] ? copy_signal+0x4e3/0x610 [ 1760.284388][T25549] copy_process+0x1149/0x3290 [ 1760.288903][T25549] ? proc_fail_nth_write+0x20b/0x290 [ 1760.294019][T25549] ? fsnotify_perm+0x6a/0x5d0 [ 1760.298533][T25549] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1760.303478][T25549] ? vfs_write+0x9ec/0x1110 [ 1760.307821][T25549] kernel_clone+0x21e/0x9e0 [ 1760.312158][T25549] ? file_end_write+0x1c0/0x1c0 [ 1760.316845][T25549] ? create_io_thread+0x1e0/0x1e0 [ 1760.321705][T25549] ? mutex_unlock+0xb2/0x260 [ 1760.326132][T25549] ? __mutex_lock_slowpath+0x10/0x10 [ 1760.331256][T25549] __x64_sys_clone+0x23f/0x290 [ 1760.335856][T25549] ? __do_sys_vfork+0x130/0x130 [ 1760.340540][T25549] ? ksys_write+0x260/0x2c0 [ 1760.344881][T25549] ? debug_smp_processor_id+0x17/0x20 [ 1760.350103][T25549] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1760.355990][T25549] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1760.361456][T25549] do_syscall_64+0x3d/0xb0 [ 1760.365709][T25549] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1760.371436][T25549] RIP: 0033:0x7f0ca8db8da9 [ 1760.375691][T25549] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1760.395141][T25549] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1760.403376][T25549] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 07:45:44 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000128000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:44 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0x43eb3, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:44 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1e, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1760.411196][T25549] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1760.419002][T25549] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1760.426808][T25549] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1760.434621][T25549] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1760.442440][T25549] 07:45:44 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x0, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:44 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x21, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:44 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x28, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:44 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000030000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:44 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xf4240, 0x18, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:44 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x0, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:44 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x2, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:44 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x3, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:44 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x0, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:44 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35) 07:45:44 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xf4240, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:44 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x4, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:44 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000038000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:44 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x5, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1760.664337][T25580] FAULT_INJECTION: forcing a failure. [ 1760.664337][T25580] name failslab, interval 1, probability 0, space 0, times 0 [ 1760.711804][T25580] CPU: 1 PID: 25580 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1760.723370][T25580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1760.733255][T25580] Call Trace: [ 1760.736381][T25580] [ 1760.739160][T25580] dump_stack_lvl+0x151/0x1b7 [ 1760.743671][T25580] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1760.749137][T25580] dump_stack+0x15/0x17 [ 1760.753128][T25580] should_fail+0x3c6/0x510 [ 1760.757386][T25580] __should_failslab+0xa4/0xe0 [ 1760.761983][T25580] ? vm_area_dup+0x26/0x230 [ 1760.766322][T25580] should_failslab+0x9/0x20 [ 1760.770661][T25580] slab_pre_alloc_hook+0x37/0xd0 [ 1760.775487][T25580] ? vm_area_dup+0x26/0x230 [ 1760.779772][T25580] kmem_cache_alloc+0x44/0x200 [ 1760.784376][T25580] vm_area_dup+0x26/0x230 [ 1760.788540][T25580] copy_mm+0x9a1/0x13e0 [ 1760.792534][T25580] ? copy_signal+0x610/0x610 [ 1760.796958][T25580] ? __init_rwsem+0xd6/0x1c0 [ 1760.801385][T25580] ? copy_signal+0x4e3/0x610 [ 1760.805810][T25580] copy_process+0x1149/0x3290 [ 1760.810326][T25580] ? proc_fail_nth_write+0x20b/0x290 [ 1760.815535][T25580] ? fsnotify_perm+0x6a/0x5d0 [ 1760.820048][T25580] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1760.824993][T25580] ? vfs_write+0x9ec/0x1110 [ 1760.829332][T25580] kernel_clone+0x21e/0x9e0 [ 1760.833671][T25580] ? file_end_write+0x1c0/0x1c0 [ 1760.838360][T25580] ? create_io_thread+0x1e0/0x1e0 [ 1760.843219][T25580] ? mutex_unlock+0xb2/0x260 [ 1760.847645][T25580] ? __mutex_lock_slowpath+0x10/0x10 [ 1760.852767][T25580] __x64_sys_clone+0x23f/0x290 [ 1760.857365][T25580] ? __do_sys_vfork+0x130/0x130 [ 1760.862051][T25580] ? ksys_write+0x260/0x2c0 [ 1760.866390][T25580] ? debug_smp_processor_id+0x17/0x20 [ 1760.871599][T25580] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1760.877499][T25580] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1760.882972][T25580] do_syscall_64+0x3d/0xb0 [ 1760.887226][T25580] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1760.892950][T25580] RIP: 0033:0x7f0ca8db8da9 [ 1760.897203][T25580] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1760.916645][T25580] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1760.924894][T25580] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1760.932702][T25580] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1760.940511][T25580] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1760.948320][T25580] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 07:45:44 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36) 07:45:44 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x6, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:44 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x0, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) [ 1760.956132][T25580] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1760.963950][T25580] [ 1761.003985][T25588] FAULT_INJECTION: forcing a failure. [ 1761.003985][T25588] name failslab, interval 1, probability 0, space 0, times 0 [ 1761.024757][T25588] CPU: 0 PID: 25588 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1761.036323][T25588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1761.046216][T25588] Call Trace: [ 1761.049334][T25588] [ 1761.052115][T25588] dump_stack_lvl+0x151/0x1b7 [ 1761.056627][T25588] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1761.062091][T25588] ? avc_denied+0x1b0/0x1b0 [ 1761.066432][T25588] dump_stack+0x15/0x17 [ 1761.070435][T25588] should_fail+0x3c6/0x510 [ 1761.074685][T25588] __should_failslab+0xa4/0xe0 [ 1761.079276][T25588] ? vm_area_dup+0x26/0x230 [ 1761.083616][T25588] should_failslab+0x9/0x20 [ 1761.087956][T25588] slab_pre_alloc_hook+0x37/0xd0 [ 1761.092739][T25588] ? vm_area_dup+0x26/0x230 [ 1761.097074][T25588] kmem_cache_alloc+0x44/0x200 [ 1761.101670][T25588] vm_area_dup+0x26/0x230 [ 1761.105837][T25588] copy_mm+0x9a1/0x13e0 [ 1761.109829][T25588] ? copy_signal+0x610/0x610 [ 1761.114252][T25588] ? __init_rwsem+0xd6/0x1c0 [ 1761.118680][T25588] ? copy_signal+0x4e3/0x610 [ 1761.123108][T25588] copy_process+0x1149/0x3290 [ 1761.127623][T25588] ? proc_fail_nth_write+0x20b/0x290 [ 1761.132741][T25588] ? fsnotify_perm+0x6a/0x5d0 [ 1761.137256][T25588] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1761.142200][T25588] ? vfs_write+0x9ec/0x1110 [ 1761.146541][T25588] kernel_clone+0x21e/0x9e0 [ 1761.150881][T25588] ? file_end_write+0x1c0/0x1c0 [ 1761.155569][T25588] ? create_io_thread+0x1e0/0x1e0 [ 1761.160426][T25588] ? mutex_unlock+0xb2/0x260 [ 1761.164853][T25588] ? __mutex_lock_slowpath+0x10/0x10 [ 1761.169981][T25588] __x64_sys_clone+0x23f/0x290 [ 1761.174572][T25588] ? __do_sys_vfork+0x130/0x130 [ 1761.179357][T25588] ? ksys_write+0x260/0x2c0 [ 1761.183703][T25588] ? debug_smp_processor_id+0x17/0x20 [ 1761.188896][T25588] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1761.194803][T25588] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1761.200265][T25588] do_syscall_64+0x3d/0xb0 [ 1761.204515][T25588] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1761.210249][T25588] RIP: 0033:0x7f0ca8db8da9 [ 1761.214499][T25588] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1761.233941][T25588] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1761.242183][T25588] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 07:45:44 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x7, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:44 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000138000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:45 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="180800000000000000000000003f000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:45 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x8, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1761.250012][T25588] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1761.257805][T25588] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1761.265617][T25588] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1761.273429][T25588] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1761.281247][T25588] 07:45:45 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37) 07:45:45 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x0, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:45 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x9, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1761.348395][T25600] FAULT_INJECTION: forcing a failure. [ 1761.348395][T25600] name failslab, interval 1, probability 0, space 0, times 0 [ 1761.403396][T25600] CPU: 0 PID: 25600 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1761.414968][T25600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1761.424867][T25600] Call Trace: [ 1761.427990][T25600] [ 1761.430769][T25600] dump_stack_lvl+0x151/0x1b7 [ 1761.435282][T25600] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1761.440752][T25600] ? avc_denied+0x1b0/0x1b0 [ 1761.445090][T25600] dump_stack+0x15/0x17 [ 1761.449083][T25600] should_fail+0x3c6/0x510 [ 1761.453331][T25600] __should_failslab+0xa4/0xe0 [ 1761.457930][T25600] ? vm_area_dup+0x26/0x230 [ 1761.462269][T25600] should_failslab+0x9/0x20 [ 1761.466607][T25600] slab_pre_alloc_hook+0x37/0xd0 [ 1761.471383][T25600] ? vm_area_dup+0x26/0x230 [ 1761.475725][T25600] kmem_cache_alloc+0x44/0x200 [ 1761.480323][T25600] vm_area_dup+0x26/0x230 [ 1761.484486][T25600] copy_mm+0x9a1/0x13e0 [ 1761.488478][T25600] ? copy_signal+0x610/0x610 [ 1761.492898][T25600] ? __init_rwsem+0xd6/0x1c0 [ 1761.497326][T25600] ? copy_signal+0x4e3/0x610 [ 1761.501761][T25600] copy_process+0x1149/0x3290 [ 1761.506270][T25600] ? proc_fail_nth_write+0x20b/0x290 [ 1761.511386][T25600] ? fsnotify_perm+0x6a/0x5d0 [ 1761.515900][T25600] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1761.520846][T25600] ? vfs_write+0x9ec/0x1110 [ 1761.525189][T25600] kernel_clone+0x21e/0x9e0 [ 1761.529963][T25600] ? file_end_write+0x1c0/0x1c0 [ 1761.534648][T25600] ? create_io_thread+0x1e0/0x1e0 [ 1761.539508][T25600] ? mutex_unlock+0xb2/0x260 [ 1761.543937][T25600] ? __mutex_lock_slowpath+0x10/0x10 [ 1761.549749][T25600] __x64_sys_clone+0x23f/0x290 [ 1761.554363][T25600] ? __do_sys_vfork+0x130/0x130 [ 1761.559036][T25600] ? ksys_write+0x260/0x2c0 [ 1761.563396][T25600] ? debug_smp_processor_id+0x17/0x20 [ 1761.568582][T25600] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1761.574484][T25600] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1761.579955][T25600] do_syscall_64+0x3d/0xb0 [ 1761.584208][T25600] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1761.589933][T25600] RIP: 0033:0x7f0ca8db8da9 [ 1761.594190][T25600] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1761.613632][T25600] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1761.621872][T25600] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1761.629685][T25600] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1761.637494][T25600] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1761.645304][T25600] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 07:45:45 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000040000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:45 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x0, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:45 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38) [ 1761.653116][T25600] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1761.660933][T25600] [ 1761.709778][T25612] FAULT_INJECTION: forcing a failure. [ 1761.709778][T25612] name failslab, interval 1, probability 0, space 0, times 0 [ 1761.723403][T25612] CPU: 0 PID: 25612 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1761.734952][T25612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1761.744839][T25612] Call Trace: [ 1761.747961][T25612] [ 1761.750739][T25612] dump_stack_lvl+0x151/0x1b7 [ 1761.755254][T25612] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1761.760727][T25612] dump_stack+0x15/0x17 [ 1761.764718][T25612] should_fail+0x3c6/0x510 [ 1761.768968][T25612] __should_failslab+0xa4/0xe0 [ 1761.773565][T25612] ? anon_vma_clone+0x9a/0x500 [ 1761.778167][T25612] should_failslab+0x9/0x20 [ 1761.782506][T25612] slab_pre_alloc_hook+0x37/0xd0 [ 1761.787279][T25612] ? anon_vma_clone+0x9a/0x500 [ 1761.791878][T25612] kmem_cache_alloc+0x44/0x200 [ 1761.796482][T25612] anon_vma_clone+0x9a/0x500 [ 1761.800906][T25612] anon_vma_fork+0x91/0x4e0 [ 1761.805245][T25612] ? anon_vma_name+0x4c/0x70 [ 1761.809672][T25612] ? vm_area_dup+0x17a/0x230 [ 1761.814098][T25612] copy_mm+0xa3a/0x13e0 [ 1761.818093][T25612] ? copy_signal+0x610/0x610 [ 1761.822519][T25612] ? __init_rwsem+0xd6/0x1c0 [ 1761.826945][T25612] ? copy_signal+0x4e3/0x610 [ 1761.831369][T25612] copy_process+0x1149/0x3290 [ 1761.835884][T25612] ? proc_fail_nth_write+0x20b/0x290 [ 1761.841006][T25612] ? fsnotify_perm+0x6a/0x5d0 [ 1761.845517][T25612] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1761.850463][T25612] ? vfs_write+0x9ec/0x1110 [ 1761.854806][T25612] kernel_clone+0x21e/0x9e0 [ 1761.859142][T25612] ? file_end_write+0x1c0/0x1c0 [ 1761.863830][T25612] ? create_io_thread+0x1e0/0x1e0 [ 1761.868710][T25612] ? mutex_unlock+0xb2/0x260 [ 1761.873118][T25612] ? __mutex_lock_slowpath+0x10/0x10 [ 1761.878261][T25612] __x64_sys_clone+0x23f/0x290 [ 1761.882848][T25612] ? __do_sys_vfork+0x130/0x130 [ 1761.887525][T25612] ? ksys_write+0x260/0x2c0 [ 1761.891863][T25612] ? debug_smp_processor_id+0x17/0x20 [ 1761.897186][T25612] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1761.903072][T25612] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1761.908545][T25612] do_syscall_64+0x3d/0xb0 [ 1761.912793][T25612] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1761.918523][T25612] RIP: 0033:0x7f0ca8db8da9 [ 1761.922791][T25612] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1761.942223][T25612] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1761.950459][T25612] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 07:45:45 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xa, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:45 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39) [ 1761.958271][T25612] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1761.966085][T25612] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1761.973897][T25612] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1761.981716][T25612] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1761.989524][T25612] 07:45:46 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xb, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1762.040522][T25617] FAULT_INJECTION: forcing a failure. [ 1762.040522][T25617] name failslab, interval 1, probability 0, space 0, times 0 07:45:46 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xc, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1762.085477][T25617] CPU: 1 PID: 25617 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1762.097038][T25617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1762.106929][T25617] Call Trace: [ 1762.110059][T25617] [ 1762.112834][T25617] dump_stack_lvl+0x151/0x1b7 [ 1762.117340][T25617] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1762.122808][T25617] dump_stack+0x15/0x17 [ 1762.126800][T25617] should_fail+0x3c6/0x510 [ 1762.131058][T25617] __should_failslab+0xa4/0xe0 [ 1762.135650][T25617] ? anon_vma_clone+0x9a/0x500 [ 1762.140251][T25617] should_failslab+0x9/0x20 [ 1762.144591][T25617] slab_pre_alloc_hook+0x37/0xd0 [ 1762.149389][T25617] ? anon_vma_clone+0x9a/0x500 [ 1762.153980][T25617] kmem_cache_alloc+0x44/0x200 [ 1762.158567][T25617] anon_vma_clone+0x9a/0x500 [ 1762.162991][T25617] anon_vma_fork+0x91/0x4e0 [ 1762.167334][T25617] ? anon_vma_name+0x4c/0x70 [ 1762.171756][T25617] ? vm_area_dup+0x17a/0x230 [ 1762.176180][T25617] copy_mm+0xa3a/0x13e0 [ 1762.180179][T25617] ? copy_signal+0x610/0x610 [ 1762.184603][T25617] ? __init_rwsem+0xd6/0x1c0 [ 1762.189026][T25617] ? copy_signal+0x4e3/0x610 [ 1762.193464][T25617] copy_process+0x1149/0x3290 [ 1762.198141][T25617] ? proc_fail_nth_write+0x20b/0x290 [ 1762.203263][T25617] ? fsnotify_perm+0x6a/0x5d0 [ 1762.207775][T25617] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1762.212722][T25617] ? vfs_write+0x9ec/0x1110 [ 1762.217060][T25617] kernel_clone+0x21e/0x9e0 [ 1762.221402][T25617] ? file_end_write+0x1c0/0x1c0 [ 1762.226180][T25617] ? create_io_thread+0x1e0/0x1e0 [ 1762.231035][T25617] ? mutex_unlock+0xb2/0x260 [ 1762.235462][T25617] ? __mutex_lock_slowpath+0x10/0x10 [ 1762.240583][T25617] __x64_sys_clone+0x23f/0x290 [ 1762.245180][T25617] ? __do_sys_vfork+0x130/0x130 [ 1762.249868][T25617] ? ksys_write+0x260/0x2c0 [ 1762.254213][T25617] ? debug_smp_processor_id+0x17/0x20 [ 1762.259417][T25617] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1762.265317][T25617] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1762.270786][T25617] do_syscall_64+0x3d/0xb0 [ 1762.275036][T25617] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1762.280766][T25617] RIP: 0033:0x7f0ca8db8da9 [ 1762.285022][T25617] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1762.304462][T25617] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1762.312705][T25617] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1762.320523][T25617] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1762.328329][T25617] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 07:45:46 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x0, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:46 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000048000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:46 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:46 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xd, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1762.336265][T25617] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1762.344072][T25617] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1762.351861][T25617] 07:45:46 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40) 07:45:46 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x5, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:46 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xe, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:46 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x0, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:46 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x7, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:46 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xf, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1762.438054][T25631] FAULT_INJECTION: forcing a failure. [ 1762.438054][T25631] name failslab, interval 1, probability 0, space 0, times 0 [ 1762.482398][T25631] CPU: 1 PID: 25631 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1762.493988][T25631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1762.503849][T25631] Call Trace: [ 1762.506973][T25631] [ 1762.509750][T25631] dump_stack_lvl+0x151/0x1b7 [ 1762.514262][T25631] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1762.519729][T25631] dump_stack+0x15/0x17 [ 1762.523721][T25631] should_fail+0x3c6/0x510 [ 1762.527974][T25631] __should_failslab+0xa4/0xe0 [ 1762.532576][T25631] ? vm_area_dup+0x26/0x230 [ 1762.536912][T25631] should_failslab+0x9/0x20 [ 1762.541255][T25631] slab_pre_alloc_hook+0x37/0xd0 [ 1762.546027][T25631] ? vm_area_dup+0x26/0x230 [ 1762.550368][T25631] kmem_cache_alloc+0x44/0x200 [ 1762.554970][T25631] vm_area_dup+0x26/0x230 [ 1762.559135][T25631] copy_mm+0x9a1/0x13e0 [ 1762.563128][T25631] ? copy_signal+0x610/0x610 [ 1762.567551][T25631] ? __init_rwsem+0xd6/0x1c0 [ 1762.571977][T25631] ? copy_signal+0x4e3/0x610 [ 1762.576404][T25631] copy_process+0x1149/0x3290 [ 1762.580938][T25631] ? proc_fail_nth_write+0x20b/0x290 [ 1762.586041][T25631] ? fsnotify_perm+0x6a/0x5d0 [ 1762.590552][T25631] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1762.595498][T25631] ? vfs_write+0x9ec/0x1110 [ 1762.599838][T25631] kernel_clone+0x21e/0x9e0 [ 1762.604178][T25631] ? file_end_write+0x1c0/0x1c0 [ 1762.608866][T25631] ? create_io_thread+0x1e0/0x1e0 [ 1762.613724][T25631] ? mutex_unlock+0xb2/0x260 [ 1762.618153][T25631] ? __mutex_lock_slowpath+0x10/0x10 [ 1762.623273][T25631] __x64_sys_clone+0x23f/0x290 [ 1762.627873][T25631] ? __do_sys_vfork+0x130/0x130 [ 1762.632555][T25631] ? ksys_write+0x260/0x2c0 [ 1762.636898][T25631] ? debug_smp_processor_id+0x17/0x20 [ 1762.642104][T25631] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1762.648007][T25631] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1762.653476][T25631] do_syscall_64+0x3d/0xb0 [ 1762.657728][T25631] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1762.663456][T25631] RIP: 0033:0x7f0ca8db8da9 [ 1762.667711][T25631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1762.687148][T25631] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1762.695393][T25631] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1762.703207][T25631] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1762.711019][T25631] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1762.718828][T25631] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 07:45:46 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41) 07:45:46 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0xc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:46 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000058000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:46 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x10, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1762.726640][T25631] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1762.734464][T25631] 07:45:46 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x11, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:46 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0xf, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:46 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x0, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:46 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000060000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:46 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x12, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1762.823695][T25644] FAULT_INJECTION: forcing a failure. [ 1762.823695][T25644] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1762.848503][T25644] CPU: 0 PID: 25644 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1762.860055][T25644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1762.869952][T25644] Call Trace: [ 1762.873076][T25644] [ 1762.875853][T25644] dump_stack_lvl+0x151/0x1b7 [ 1762.880363][T25644] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1762.885831][T25644] dump_stack+0x15/0x17 [ 1762.894260][T25644] should_fail+0x3c6/0x510 [ 1762.898510][T25644] should_fail_alloc_page+0x5a/0x80 [ 1762.903541][T25644] prepare_alloc_pages+0x15c/0x700 [ 1762.908494][T25644] ? __alloc_pages+0x8f0/0x8f0 [ 1762.913090][T25644] ? __alloc_pages_bulk+0xe40/0xe40 [ 1762.918131][T25644] __alloc_pages+0x18c/0x8f0 [ 1762.922557][T25644] ? prep_new_page+0x110/0x110 [ 1762.927151][T25644] ? is_bpf_text_address+0x172/0x190 [ 1762.932273][T25644] pte_alloc_one+0x73/0x1b0 [ 1762.936611][T25644] ? pfn_modify_allowed+0x2f0/0x2f0 [ 1762.941643][T25644] ? arch_stack_walk+0xf3/0x140 [ 1762.946332][T25644] __pte_alloc+0x86/0x350 [ 1762.950497][T25644] ? free_pgtables+0x280/0x280 [ 1762.955095][T25644] ? _raw_spin_lock+0xa4/0x1b0 [ 1762.959697][T25644] ? __kasan_check_write+0x14/0x20 [ 1762.964649][T25644] copy_page_range+0x28a8/0x2f90 [ 1762.969418][T25644] ? __kasan_slab_alloc+0xb1/0xe0 [ 1762.974293][T25644] ? pfn_valid+0x1e0/0x1e0 [ 1762.978530][T25644] ? vma_gap_callbacks_rotate+0x1b7/0x210 [ 1762.984088][T25644] ? __rb_insert_augmented+0x5de/0x610 [ 1762.989383][T25644] copy_mm+0xc7e/0x13e0 [ 1762.993375][T25644] ? copy_signal+0x610/0x610 [ 1762.997799][T25644] ? __init_rwsem+0xd6/0x1c0 [ 1763.002224][T25644] ? copy_signal+0x4e3/0x610 [ 1763.006649][T25644] copy_process+0x1149/0x3290 [ 1763.011167][T25644] ? proc_fail_nth_write+0x20b/0x290 [ 1763.016286][T25644] ? fsnotify_perm+0x6a/0x5d0 [ 1763.020796][T25644] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1763.025745][T25644] ? vfs_write+0x9ec/0x1110 [ 1763.030086][T25644] kernel_clone+0x21e/0x9e0 [ 1763.034424][T25644] ? file_end_write+0x1c0/0x1c0 [ 1763.039112][T25644] ? create_io_thread+0x1e0/0x1e0 [ 1763.043973][T25644] ? mutex_unlock+0xb2/0x260 [ 1763.048397][T25644] ? __mutex_lock_slowpath+0x10/0x10 [ 1763.053518][T25644] __x64_sys_clone+0x23f/0x290 [ 1763.058120][T25644] ? __do_sys_vfork+0x130/0x130 [ 1763.062829][T25644] ? ksys_write+0x260/0x2c0 [ 1763.067147][T25644] ? debug_smp_processor_id+0x17/0x20 [ 1763.072447][T25644] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1763.078345][T25644] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1763.083807][T25644] do_syscall_64+0x3d/0xb0 [ 1763.088063][T25644] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1763.093797][T25644] RIP: 0033:0x7f0ca8db8da9 [ 1763.098092][T25644] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 07:45:47 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x14, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:47 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x15, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:47 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x13, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:47 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x16, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1763.117481][T25644] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1763.125728][T25644] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1763.133540][T25644] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1763.141348][T25644] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1763.149162][T25644] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1763.156975][T25644] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1763.164809][T25644] 07:45:47 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x17, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:47 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x14, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:47 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x1c, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:47 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x0, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:47 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42) 07:45:47 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x15, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:47 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x1d, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1763.268124][T25680] FAULT_INJECTION: forcing a failure. [ 1763.268124][T25680] name failslab, interval 1, probability 0, space 0, times 0 [ 1763.286532][T25680] CPU: 0 PID: 25680 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1763.298096][T25680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1763.307993][T25680] Call Trace: [ 1763.311109][T25680] [ 1763.313911][T25680] dump_stack_lvl+0x151/0x1b7 [ 1763.318401][T25680] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1763.323865][T25680] dump_stack+0x15/0x17 [ 1763.327859][T25680] should_fail+0x3c6/0x510 [ 1763.332114][T25680] __should_failslab+0xa4/0xe0 [ 1763.336712][T25680] ? anon_vma_fork+0x1df/0x4e0 [ 1763.341314][T25680] should_failslab+0x9/0x20 [ 1763.345650][T25680] slab_pre_alloc_hook+0x37/0xd0 [ 1763.350426][T25680] ? anon_vma_fork+0x1df/0x4e0 [ 1763.355027][T25680] kmem_cache_alloc+0x44/0x200 [ 1763.359625][T25680] anon_vma_fork+0x1df/0x4e0 [ 1763.364051][T25680] copy_mm+0xa3a/0x13e0 [ 1763.368047][T25680] ? copy_signal+0x610/0x610 [ 1763.372470][T25680] ? __init_rwsem+0xd6/0x1c0 [ 1763.376896][T25680] ? copy_signal+0x4e3/0x610 [ 1763.381325][T25680] copy_process+0x1149/0x3290 [ 1763.385837][T25680] ? proc_fail_nth_write+0x20b/0x290 [ 1763.390965][T25680] ? fsnotify_perm+0x6a/0x5d0 [ 1763.395472][T25680] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1763.400417][T25680] ? vfs_write+0x9ec/0x1110 [ 1763.404758][T25680] kernel_clone+0x21e/0x9e0 [ 1763.409094][T25680] ? file_end_write+0x1c0/0x1c0 [ 1763.413784][T25680] ? create_io_thread+0x1e0/0x1e0 [ 1763.418656][T25680] ? mutex_unlock+0xb2/0x260 [ 1763.423073][T25680] ? __mutex_lock_slowpath+0x10/0x10 [ 1763.428296][T25680] __x64_sys_clone+0x23f/0x290 [ 1763.432880][T25680] ? __do_sys_vfork+0x130/0x130 [ 1763.437566][T25680] ? ksys_write+0x260/0x2c0 [ 1763.441903][T25680] ? debug_smp_processor_id+0x17/0x20 [ 1763.447112][T25680] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1763.453013][T25680] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1763.458566][T25680] do_syscall_64+0x3d/0xb0 [ 1763.462819][T25680] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1763.468548][T25680] RIP: 0033:0x7f0ca8db8da9 [ 1763.472800][T25680] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1763.492251][T25680] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1763.500571][T25680] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1763.508385][T25680] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:45:47 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000068000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:47 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x16, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:47 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x0, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:47 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x1e, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:47 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43) 07:45:47 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x17, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1763.516194][T25680] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1763.524009][T25680] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1763.531816][T25680] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1763.539633][T25680] 07:45:47 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x21, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:47 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x24, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:47 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x1c, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:47 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x25, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:47 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x1d, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1763.591596][T25694] FAULT_INJECTION: forcing a failure. [ 1763.591596][T25694] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1763.644576][T25694] CPU: 1 PID: 25694 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1763.656137][T25694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1763.666029][T25694] Call Trace: [ 1763.669150][T25694] [ 1763.671928][T25694] dump_stack_lvl+0x151/0x1b7 [ 1763.676443][T25694] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1763.681913][T25694] dump_stack+0x15/0x17 [ 1763.685902][T25694] should_fail+0x3c6/0x510 [ 1763.690154][T25694] should_fail_alloc_page+0x5a/0x80 [ 1763.695188][T25694] prepare_alloc_pages+0x15c/0x700 [ 1763.700140][T25694] ? __alloc_pages_bulk+0xe40/0xe40 [ 1763.705183][T25694] __alloc_pages+0x18c/0x8f0 [ 1763.709597][T25694] ? prep_new_page+0x110/0x110 [ 1763.714195][T25694] ? __alloc_pages+0x3cb/0x8f0 [ 1763.718797][T25694] ? __kasan_check_write+0x14/0x20 [ 1763.723745][T25694] ? _raw_spin_lock+0xa4/0x1b0 [ 1763.728341][T25694] __pmd_alloc+0xb1/0x550 [ 1763.732510][T25694] ? __pud_alloc+0x260/0x260 [ 1763.736935][T25694] ? __pud_alloc+0x213/0x260 [ 1763.741363][T25694] ? do_handle_mm_fault+0x2330/0x2330 [ 1763.746569][T25694] ? __stack_depot_save+0x34/0x470 [ 1763.751515][T25694] ? anon_vma_clone+0x9a/0x500 [ 1763.756115][T25694] copy_page_range+0x2b3d/0x2f90 [ 1763.760904][T25694] ? __kasan_slab_alloc+0xb1/0xe0 [ 1763.765749][T25694] ? slab_post_alloc_hook+0x53/0x2c0 [ 1763.770871][T25694] ? copy_mm+0xa3a/0x13e0 [ 1763.775036][T25694] ? copy_process+0x1149/0x3290 [ 1763.779723][T25694] ? kernel_clone+0x21e/0x9e0 [ 1763.784236][T25694] ? do_syscall_64+0x3d/0xb0 [ 1763.788664][T25694] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1763.794570][T25694] ? pfn_valid+0x1e0/0x1e0 [ 1763.798819][T25694] ? rwsem_write_trylock+0x15b/0x290 [ 1763.803941][T25694] ? vma_interval_tree_augment_rotate+0x1d0/0x1d0 [ 1763.810189][T25694] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 1763.815744][T25694] ? __rb_insert_augmented+0x5de/0x610 [ 1763.821038][T25694] copy_mm+0xc7e/0x13e0 [ 1763.825031][T25694] ? copy_signal+0x610/0x610 [ 1763.829462][T25694] ? __init_rwsem+0xd6/0x1c0 [ 1763.833882][T25694] ? copy_signal+0x4e3/0x610 [ 1763.838309][T25694] copy_process+0x1149/0x3290 [ 1763.842824][T25694] ? proc_fail_nth_write+0x20b/0x290 [ 1763.847947][T25694] ? fsnotify_perm+0x6a/0x5d0 [ 1763.852456][T25694] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1763.857403][T25694] ? vfs_write+0x9ec/0x1110 [ 1763.861743][T25694] kernel_clone+0x21e/0x9e0 [ 1763.866079][T25694] ? file_end_write+0x1c0/0x1c0 [ 1763.870769][T25694] ? create_io_thread+0x1e0/0x1e0 [ 1763.875630][T25694] ? mutex_unlock+0xb2/0x260 [ 1763.880055][T25694] ? __mutex_lock_slowpath+0x10/0x10 [ 1763.885176][T25694] __x64_sys_clone+0x23f/0x290 [ 1763.889777][T25694] ? __do_sys_vfork+0x130/0x130 [ 1763.894461][T25694] ? ksys_write+0x260/0x2c0 [ 1763.898801][T25694] ? debug_smp_processor_id+0x17/0x20 [ 1763.904009][T25694] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1763.909911][T25694] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1763.915382][T25694] do_syscall_64+0x3d/0xb0 [ 1763.919630][T25694] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1763.925358][T25694] RIP: 0033:0x7f0ca8db8da9 [ 1763.929611][T25694] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1763.949051][T25694] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1763.957386][T25694] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1763.965195][T25694] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1763.973009][T25694] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1763.980822][T25694] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1763.988629][T25694] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 07:45:47 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x26, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:47 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 44) 07:45:47 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x1e, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:47 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x27, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:47 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000070000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:47 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) [ 1763.996445][T25694] 07:45:48 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x21, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:48 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x29, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:48 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x24, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:48 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x2c, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:48 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:48 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x2d, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:48 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x25, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1764.118610][T25717] FAULT_INJECTION: forcing a failure. [ 1764.118610][T25717] name failslab, interval 1, probability 0, space 0, times 0 [ 1764.144383][T25717] CPU: 1 PID: 25717 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1764.155948][T25717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1764.165838][T25717] Call Trace: [ 1764.168958][T25717] [ 1764.171734][T25717] dump_stack_lvl+0x151/0x1b7 [ 1764.176249][T25717] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1764.181717][T25717] dump_stack+0x15/0x17 [ 1764.185712][T25717] should_fail+0x3c6/0x510 [ 1764.189979][T25717] __should_failslab+0xa4/0xe0 [ 1764.194563][T25717] ? vm_area_dup+0x26/0x230 [ 1764.198900][T25717] should_failslab+0x9/0x20 [ 1764.203239][T25717] slab_pre_alloc_hook+0x37/0xd0 [ 1764.208013][T25717] ? vm_area_dup+0x26/0x230 [ 1764.212351][T25717] kmem_cache_alloc+0x44/0x200 [ 1764.216953][T25717] vm_area_dup+0x26/0x230 [ 1764.221119][T25717] copy_mm+0x9a1/0x13e0 [ 1764.225115][T25717] ? copy_signal+0x610/0x610 [ 1764.229541][T25717] ? __init_rwsem+0xd6/0x1c0 [ 1764.233964][T25717] ? copy_signal+0x4e3/0x610 [ 1764.238393][T25717] copy_process+0x1149/0x3290 [ 1764.242906][T25717] ? proc_fail_nth_write+0x20b/0x290 [ 1764.248026][T25717] ? fsnotify_perm+0x6a/0x5d0 [ 1764.252538][T25717] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1764.257484][T25717] ? vfs_write+0x9ec/0x1110 [ 1764.261824][T25717] kernel_clone+0x21e/0x9e0 [ 1764.266164][T25717] ? file_end_write+0x1c0/0x1c0 [ 1764.270856][T25717] ? create_io_thread+0x1e0/0x1e0 [ 1764.275710][T25717] ? mutex_unlock+0xb2/0x260 [ 1764.280138][T25717] ? __mutex_lock_slowpath+0x10/0x10 [ 1764.285256][T25717] __x64_sys_clone+0x23f/0x290 [ 1764.289859][T25717] ? __do_sys_vfork+0x130/0x130 [ 1764.294542][T25717] ? ksys_write+0x260/0x2c0 [ 1764.298886][T25717] ? debug_smp_processor_id+0x17/0x20 [ 1764.304092][T25717] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1764.309994][T25717] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1764.315473][T25717] do_syscall_64+0x3d/0xb0 [ 1764.319718][T25717] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1764.325441][T25717] RIP: 0033:0x7f0ca8db8da9 [ 1764.329695][T25717] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1764.349140][T25717] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1764.357380][T25717] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 07:45:48 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x2e, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:48 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 45) [ 1764.365196][T25717] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1764.373003][T25717] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1764.380818][T25717] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1764.388625][T25717] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1764.396440][T25717] 07:45:48 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x2f, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1764.415393][T25734] FAULT_INJECTION: forcing a failure. [ 1764.415393][T25734] name failslab, interval 1, probability 0, space 0, times 0 [ 1764.428893][T25734] CPU: 1 PID: 25734 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1764.440436][T25734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1764.450332][T25734] Call Trace: [ 1764.453446][T25734] [ 1764.456228][T25734] dump_stack_lvl+0x151/0x1b7 [ 1764.460737][T25734] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1764.466206][T25734] dump_stack+0x15/0x17 [ 1764.470197][T25734] should_fail+0x3c6/0x510 [ 1764.474453][T25734] __should_failslab+0xa4/0xe0 [ 1764.479052][T25734] ? vm_area_dup+0x26/0x230 [ 1764.483390][T25734] should_failslab+0x9/0x20 [ 1764.487730][T25734] slab_pre_alloc_hook+0x37/0xd0 [ 1764.492504][T25734] ? vm_area_dup+0x26/0x230 [ 1764.496842][T25734] kmem_cache_alloc+0x44/0x200 [ 1764.501448][T25734] vm_area_dup+0x26/0x230 [ 1764.505608][T25734] copy_mm+0x9a1/0x13e0 [ 1764.509604][T25734] ? copy_signal+0x610/0x610 [ 1764.514028][T25734] ? __init_rwsem+0xd6/0x1c0 [ 1764.518800][T25734] ? copy_signal+0x4e3/0x610 [ 1764.523315][T25734] copy_process+0x1149/0x3290 [ 1764.527918][T25734] ? proc_fail_nth_write+0x20b/0x290 [ 1764.533037][T25734] ? fsnotify_perm+0x6a/0x5d0 [ 1764.537548][T25734] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1764.542497][T25734] ? vfs_write+0x9ec/0x1110 [ 1764.546836][T25734] kernel_clone+0x21e/0x9e0 [ 1764.551174][T25734] ? file_end_write+0x1c0/0x1c0 [ 1764.555860][T25734] ? create_io_thread+0x1e0/0x1e0 [ 1764.560720][T25734] ? mutex_unlock+0xb2/0x260 [ 1764.565148][T25734] ? __mutex_lock_slowpath+0x10/0x10 [ 1764.570273][T25734] __x64_sys_clone+0x23f/0x290 [ 1764.574870][T25734] ? __do_sys_vfork+0x130/0x130 [ 1764.579563][T25734] ? ksys_write+0x260/0x2c0 [ 1764.583898][T25734] ? debug_smp_processor_id+0x17/0x20 [ 1764.589102][T25734] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1764.595005][T25734] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1764.600472][T25734] do_syscall_64+0x3d/0xb0 [ 1764.604725][T25734] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1764.610451][T25734] RIP: 0033:0x7f0ca8db8da9 [ 1764.614708][T25734] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1764.634236][T25734] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1764.642565][T25734] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1764.650375][T25734] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1764.658186][T25734] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 07:45:48 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000078000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:48 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 46) 07:45:48 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x30, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:48 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:48 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x31, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:48 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x34, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1764.665998][T25734] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1764.673811][T25734] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1764.681627][T25734] 07:45:48 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x26, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:48 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x35, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:48 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x36, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:48 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:48 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x37, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:48 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x27, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:48 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000ffffff80000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1764.785633][T25743] FAULT_INJECTION: forcing a failure. [ 1764.785633][T25743] name failslab, interval 1, probability 0, space 0, times 0 [ 1764.806008][T25743] CPU: 0 PID: 25743 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1764.817565][T25743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1764.827461][T25743] Call Trace: [ 1764.830584][T25743] [ 1764.833363][T25743] dump_stack_lvl+0x151/0x1b7 [ 1764.837874][T25743] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1764.843340][T25743] dump_stack+0x15/0x17 [ 1764.847339][T25743] should_fail+0x3c6/0x510 [ 1764.851586][T25743] __should_failslab+0xa4/0xe0 [ 1764.856185][T25743] ? vm_area_dup+0x26/0x230 [ 1764.860525][T25743] should_failslab+0x9/0x20 [ 1764.864866][T25743] slab_pre_alloc_hook+0x37/0xd0 [ 1764.869636][T25743] ? vm_area_dup+0x26/0x230 [ 1764.873977][T25743] kmem_cache_alloc+0x44/0x200 [ 1764.878577][T25743] vm_area_dup+0x26/0x230 [ 1764.882747][T25743] copy_mm+0x9a1/0x13e0 [ 1764.886742][T25743] ? copy_signal+0x610/0x610 [ 1764.891162][T25743] ? __init_rwsem+0xd6/0x1c0 [ 1764.895587][T25743] ? copy_signal+0x4e3/0x610 [ 1764.900014][T25743] copy_process+0x1149/0x3290 [ 1764.904528][T25743] ? proc_fail_nth_write+0x20b/0x290 [ 1764.909648][T25743] ? fsnotify_perm+0x6a/0x5d0 [ 1764.914163][T25743] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1764.919110][T25743] ? vfs_write+0x9ec/0x1110 [ 1764.923449][T25743] kernel_clone+0x21e/0x9e0 [ 1764.927785][T25743] ? file_end_write+0x1c0/0x1c0 [ 1764.932474][T25743] ? create_io_thread+0x1e0/0x1e0 [ 1764.937333][T25743] ? mutex_unlock+0xb2/0x260 [ 1764.941849][T25743] ? __mutex_lock_slowpath+0x10/0x10 [ 1764.946971][T25743] __x64_sys_clone+0x23f/0x290 [ 1764.951572][T25743] ? __do_sys_vfork+0x130/0x130 [ 1764.956254][T25743] ? ksys_write+0x260/0x2c0 [ 1764.960594][T25743] ? debug_smp_processor_id+0x17/0x20 [ 1764.965806][T25743] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1764.971705][T25743] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1764.977173][T25743] do_syscall_64+0x3d/0xb0 [ 1764.981424][T25743] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1764.987153][T25743] RIP: 0033:0x7f0ca8db8da9 [ 1764.991408][T25743] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1765.010849][T25743] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1765.019093][T25743] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1765.026905][T25743] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:45:49 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x39, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:49 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x29, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:49 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 47) [ 1765.034713][T25743] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1765.042524][T25743] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1765.050336][T25743] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1765.058156][T25743] 07:45:49 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x3c, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:49 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000ffffff85000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:49 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x3d, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:49 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000088000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1765.108383][T25769] FAULT_INJECTION: forcing a failure. [ 1765.108383][T25769] name failslab, interval 1, probability 0, space 0, times 0 [ 1765.128901][T25769] CPU: 1 PID: 25769 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1765.140461][T25769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1765.150353][T25769] Call Trace: [ 1765.153474][T25769] [ 1765.156254][T25769] dump_stack_lvl+0x151/0x1b7 [ 1765.160766][T25769] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1765.166235][T25769] ? avc_denied+0x1b0/0x1b0 [ 1765.170601][T25769] dump_stack+0x15/0x17 [ 1765.174566][T25769] should_fail+0x3c6/0x510 [ 1765.178821][T25769] __should_failslab+0xa4/0xe0 [ 1765.183419][T25769] ? vm_area_dup+0x26/0x230 [ 1765.187758][T25769] should_failslab+0x9/0x20 [ 1765.192098][T25769] slab_pre_alloc_hook+0x37/0xd0 [ 1765.196876][T25769] ? vm_area_dup+0x26/0x230 [ 1765.201213][T25769] kmem_cache_alloc+0x44/0x200 [ 1765.205811][T25769] vm_area_dup+0x26/0x230 [ 1765.209993][T25769] copy_mm+0x9a1/0x13e0 [ 1765.213979][T25769] ? copy_signal+0x610/0x610 [ 1765.218394][T25769] ? __init_rwsem+0xd6/0x1c0 [ 1765.222822][T25769] ? copy_signal+0x4e3/0x610 [ 1765.227251][T25769] copy_process+0x1149/0x3290 [ 1765.231763][T25769] ? proc_fail_nth_write+0x20b/0x290 [ 1765.236883][T25769] ? fsnotify_perm+0x6a/0x5d0 [ 1765.241395][T25769] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1765.246343][T25769] ? vfs_write+0x9ec/0x1110 [ 1765.250688][T25769] kernel_clone+0x21e/0x9e0 [ 1765.255022][T25769] ? file_end_write+0x1c0/0x1c0 [ 1765.259743][T25769] ? create_io_thread+0x1e0/0x1e0 [ 1765.264571][T25769] ? mutex_unlock+0xb2/0x260 [ 1765.268996][T25769] ? __mutex_lock_slowpath+0x10/0x10 [ 1765.274116][T25769] __x64_sys_clone+0x23f/0x290 [ 1765.278735][T25769] ? __do_sys_vfork+0x130/0x130 [ 1765.283406][T25769] ? ksys_write+0x260/0x2c0 [ 1765.287747][T25769] ? debug_smp_processor_id+0x17/0x20 [ 1765.292947][T25769] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1765.298851][T25769] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1765.304320][T25769] do_syscall_64+0x3d/0xb0 [ 1765.308573][T25769] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1765.314298][T25769] RIP: 0033:0x7f0ca8db8da9 [ 1765.318555][T25769] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1765.337998][T25769] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1765.346240][T25769] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 07:45:49 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x2c, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:49 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x3e, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:49 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 48) [ 1765.354051][T25769] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1765.361872][T25769] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1765.369672][T25769] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1765.377482][T25769] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1765.385302][T25769] 07:45:49 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x2d, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:49 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x44, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:49 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) [ 1765.413342][T25785] FAULT_INJECTION: forcing a failure. [ 1765.413342][T25785] name failslab, interval 1, probability 0, space 0, times 0 [ 1765.444892][T25785] CPU: 0 PID: 25785 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1765.456447][T25785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1765.466340][T25785] Call Trace: [ 1765.469459][T25785] [ 1765.472238][T25785] dump_stack_lvl+0x151/0x1b7 [ 1765.476753][T25785] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1765.482223][T25785] dump_stack+0x15/0x17 [ 1765.486206][T25785] should_fail+0x3c6/0x510 [ 1765.490462][T25785] __should_failslab+0xa4/0xe0 [ 1765.495064][T25785] ? anon_vma_clone+0x9a/0x500 [ 1765.499658][T25785] should_failslab+0x9/0x20 [ 1765.504001][T25785] slab_pre_alloc_hook+0x37/0xd0 [ 1765.508792][T25785] ? anon_vma_clone+0x9a/0x500 [ 1765.513371][T25785] kmem_cache_alloc+0x44/0x200 [ 1765.517973][T25785] anon_vma_clone+0x9a/0x500 [ 1765.522400][T25785] anon_vma_fork+0x91/0x4e0 [ 1765.526738][T25785] ? anon_vma_name+0x4c/0x70 [ 1765.531169][T25785] ? vm_area_dup+0x17a/0x230 [ 1765.535593][T25785] copy_mm+0xa3a/0x13e0 [ 1765.539585][T25785] ? copy_signal+0x610/0x610 [ 1765.544010][T25785] ? __init_rwsem+0xd6/0x1c0 [ 1765.548437][T25785] ? copy_signal+0x4e3/0x610 [ 1765.552863][T25785] copy_process+0x1149/0x3290 [ 1765.557378][T25785] ? proc_fail_nth_write+0x20b/0x290 [ 1765.562495][T25785] ? fsnotify_perm+0x6a/0x5d0 [ 1765.567010][T25785] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1765.571958][T25785] ? vfs_write+0x9ec/0x1110 [ 1765.576298][T25785] kernel_clone+0x21e/0x9e0 [ 1765.580636][T25785] ? file_end_write+0x1c0/0x1c0 [ 1765.585329][T25785] ? create_io_thread+0x1e0/0x1e0 [ 1765.590183][T25785] ? mutex_unlock+0xb2/0x260 [ 1765.594611][T25785] ? __mutex_lock_slowpath+0x10/0x10 [ 1765.599731][T25785] __x64_sys_clone+0x23f/0x290 [ 1765.604330][T25785] ? __do_sys_vfork+0x130/0x130 [ 1765.609017][T25785] ? ksys_write+0x260/0x2c0 [ 1765.613356][T25785] ? debug_smp_processor_id+0x17/0x20 [ 1765.618562][T25785] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1765.624467][T25785] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1765.629934][T25785] do_syscall_64+0x3d/0xb0 [ 1765.634186][T25785] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1765.639917][T25785] RIP: 0033:0x7f0ca8db8da9 [ 1765.644167][T25785] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 07:45:49 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x2e, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:49 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000ffffff90000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:49 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x45, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:49 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x2f, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1765.663610][T25785] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1765.671855][T25785] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1765.679665][T25785] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1765.687473][T25785] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1765.695286][T25785] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1765.703100][T25785] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1765.710917][T25785] 07:45:49 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x46, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:49 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000098000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:49 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 49) 07:45:49 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x47, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1765.778608][T25805] FAULT_INJECTION: forcing a failure. [ 1765.778608][T25805] name failslab, interval 1, probability 0, space 0, times 0 [ 1765.792277][T25805] CPU: 1 PID: 25805 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1765.803839][T25805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1765.813721][T25805] Call Trace: [ 1765.816843][T25805] [ 1765.819621][T25805] dump_stack_lvl+0x151/0x1b7 [ 1765.824135][T25805] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1765.829599][T25805] dump_stack+0x15/0x17 [ 1765.833591][T25805] should_fail+0x3c6/0x510 [ 1765.837844][T25805] __should_failslab+0xa4/0xe0 [ 1765.842445][T25805] ? anon_vma_fork+0xf7/0x4e0 [ 1765.846957][T25805] should_failslab+0x9/0x20 [ 1765.851297][T25805] slab_pre_alloc_hook+0x37/0xd0 [ 1765.856070][T25805] ? anon_vma_fork+0xf7/0x4e0 [ 1765.860581][T25805] kmem_cache_alloc+0x44/0x200 [ 1765.865184][T25805] anon_vma_fork+0xf7/0x4e0 [ 1765.869523][T25805] ? anon_vma_name+0x4c/0x70 [ 1765.873950][T25805] ? vm_area_dup+0x17a/0x230 [ 1765.878376][T25805] copy_mm+0xa3a/0x13e0 [ 1765.882369][T25805] ? copy_signal+0x610/0x610 [ 1765.886794][T25805] ? __init_rwsem+0xd6/0x1c0 [ 1765.891217][T25805] ? copy_signal+0x4e3/0x610 [ 1765.895647][T25805] copy_process+0x1149/0x3290 [ 1765.900175][T25805] ? proc_fail_nth_write+0x20b/0x290 [ 1765.905285][T25805] ? fsnotify_perm+0x6a/0x5d0 [ 1765.909794][T25805] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1765.914740][T25805] ? vfs_write+0x9ec/0x1110 [ 1765.919080][T25805] kernel_clone+0x21e/0x9e0 [ 1765.923434][T25805] ? file_end_write+0x1c0/0x1c0 [ 1765.928107][T25805] ? create_io_thread+0x1e0/0x1e0 [ 1765.932965][T25805] ? mutex_unlock+0xb2/0x260 [ 1765.937392][T25805] ? __mutex_lock_slowpath+0x10/0x10 [ 1765.942515][T25805] __x64_sys_clone+0x23f/0x290 [ 1765.947114][T25805] ? __do_sys_vfork+0x130/0x130 [ 1765.951802][T25805] ? ksys_write+0x260/0x2c0 [ 1765.956139][T25805] ? debug_smp_processor_id+0x17/0x20 [ 1765.961347][T25805] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1765.967250][T25805] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1765.972718][T25805] do_syscall_64+0x3d/0xb0 [ 1765.976975][T25805] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1765.982697][T25805] RIP: 0033:0x7f0ca8db8da9 [ 1765.986953][T25805] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1766.006393][T25805] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1766.014635][T25805] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 07:45:49 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x31, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:50 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x4c, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:50 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:50 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x4d, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:50 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x4e, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:50 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 50) 07:45:50 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x34, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1766.022447][T25805] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1766.030259][T25805] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1766.038071][T25805] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1766.045882][T25805] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1766.053700][T25805] 07:45:50 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x4f, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1766.121299][T25821] FAULT_INJECTION: forcing a failure. [ 1766.121299][T25821] name failslab, interval 1, probability 0, space 0, times 0 [ 1766.145143][T25821] CPU: 1 PID: 25821 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1766.156708][T25821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1766.166608][T25821] Call Trace: [ 1766.169724][T25821] [ 1766.172500][T25821] dump_stack_lvl+0x151/0x1b7 [ 1766.177015][T25821] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1766.182480][T25821] dump_stack+0x15/0x17 [ 1766.186474][T25821] should_fail+0x3c6/0x510 [ 1766.190735][T25821] __should_failslab+0xa4/0xe0 [ 1766.195325][T25821] ? anon_vma_fork+0x1df/0x4e0 [ 1766.199925][T25821] should_failslab+0x9/0x20 [ 1766.204267][T25821] slab_pre_alloc_hook+0x37/0xd0 [ 1766.209041][T25821] ? anon_vma_fork+0x1df/0x4e0 [ 1766.213640][T25821] kmem_cache_alloc+0x44/0x200 [ 1766.218239][T25821] anon_vma_fork+0x1df/0x4e0 [ 1766.222666][T25821] copy_mm+0xa3a/0x13e0 [ 1766.226663][T25821] ? copy_signal+0x610/0x610 [ 1766.231082][T25821] ? __init_rwsem+0xd6/0x1c0 [ 1766.235636][T25821] ? copy_signal+0x4e3/0x610 [ 1766.240061][T25821] copy_process+0x1149/0x3290 [ 1766.244572][T25821] ? proc_fail_nth_write+0x20b/0x290 [ 1766.249693][T25821] ? fsnotify_perm+0x6a/0x5d0 [ 1766.254204][T25821] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1766.259150][T25821] ? vfs_write+0x9ec/0x1110 [ 1766.263490][T25821] kernel_clone+0x21e/0x9e0 [ 1766.267834][T25821] ? file_end_write+0x1c0/0x1c0 [ 1766.272515][T25821] ? create_io_thread+0x1e0/0x1e0 [ 1766.277374][T25821] ? mutex_unlock+0xb2/0x260 [ 1766.281802][T25821] ? __mutex_lock_slowpath+0x10/0x10 [ 1766.286924][T25821] __x64_sys_clone+0x23f/0x290 [ 1766.291523][T25821] ? __do_sys_vfork+0x130/0x130 [ 1766.296211][T25821] ? ksys_write+0x260/0x2c0 [ 1766.300552][T25821] ? debug_smp_processor_id+0x17/0x20 [ 1766.305758][T25821] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1766.311749][T25821] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1766.317300][T25821] do_syscall_64+0x3d/0xb0 [ 1766.321555][T25821] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1766.327282][T25821] RIP: 0033:0x7f0ca8db8da9 [ 1766.331535][T25821] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1766.350973][T25821] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1766.359220][T25821] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 07:45:50 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x54, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:50 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x35, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:50 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x55, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:50 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000c4c802a0000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:50 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:50 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x36, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:50 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 51) 07:45:50 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x56, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:50 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000002003a0000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1766.367032][T25821] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1766.374840][T25821] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1766.382653][T25821] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1766.390464][T25821] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1766.398282][T25821] 07:45:50 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x57, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:50 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x5c, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:50 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000000000a8000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1766.449588][T25837] FAULT_INJECTION: forcing a failure. [ 1766.449588][T25837] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1766.479562][T25837] CPU: 0 PID: 25837 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1766.491123][T25837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1766.501018][T25837] Call Trace: [ 1766.504136][T25837] [ 1766.506916][T25837] dump_stack_lvl+0x151/0x1b7 [ 1766.511434][T25837] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1766.516896][T25837] dump_stack+0x15/0x17 [ 1766.520883][T25837] should_fail+0x3c6/0x510 [ 1766.525138][T25837] should_fail_alloc_page+0x5a/0x80 [ 1766.530169][T25837] prepare_alloc_pages+0x15c/0x700 [ 1766.535117][T25837] ? __alloc_pages+0x8f0/0x8f0 [ 1766.539719][T25837] ? __alloc_pages_bulk+0xe40/0xe40 [ 1766.544754][T25837] __alloc_pages+0x18c/0x8f0 [ 1766.549178][T25837] ? prep_new_page+0x110/0x110 [ 1766.553898][T25837] ? is_bpf_text_address+0x172/0x190 [ 1766.559013][T25837] pte_alloc_one+0x73/0x1b0 [ 1766.563344][T25837] ? pfn_modify_allowed+0x2f0/0x2f0 [ 1766.568379][T25837] ? arch_stack_walk+0xf3/0x140 [ 1766.573066][T25837] __pte_alloc+0x86/0x350 [ 1766.577233][T25837] ? free_pgtables+0x280/0x280 [ 1766.581833][T25837] ? _raw_spin_lock+0xa4/0x1b0 [ 1766.586432][T25837] ? __kasan_check_write+0x14/0x20 [ 1766.591381][T25837] copy_page_range+0x28a8/0x2f90 [ 1766.596155][T25837] ? __kasan_slab_alloc+0xb1/0xe0 [ 1766.601020][T25837] ? pfn_valid+0x1e0/0x1e0 [ 1766.605267][T25837] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 1766.610821][T25837] ? __rb_insert_augmented+0x5de/0x610 [ 1766.616117][T25837] copy_mm+0xc7e/0x13e0 [ 1766.620111][T25837] ? copy_signal+0x610/0x610 [ 1766.624534][T25837] ? __init_rwsem+0xd6/0x1c0 [ 1766.628959][T25837] ? copy_signal+0x4e3/0x610 [ 1766.633390][T25837] copy_process+0x1149/0x3290 [ 1766.637903][T25837] ? proc_fail_nth_write+0x20b/0x290 [ 1766.643023][T25837] ? fsnotify_perm+0x6a/0x5d0 [ 1766.647537][T25837] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1766.652482][T25837] ? vfs_write+0x9ec/0x1110 [ 1766.656824][T25837] kernel_clone+0x21e/0x9e0 [ 1766.661160][T25837] ? file_end_write+0x1c0/0x1c0 [ 1766.665845][T25837] ? create_io_thread+0x1e0/0x1e0 [ 1766.670707][T25837] ? mutex_unlock+0xb2/0x260 [ 1766.675133][T25837] ? __mutex_lock_slowpath+0x10/0x10 [ 1766.680258][T25837] __x64_sys_clone+0x23f/0x290 [ 1766.684856][T25837] ? __do_sys_vfork+0x130/0x130 [ 1766.689543][T25837] ? ksys_write+0x260/0x2c0 [ 1766.693882][T25837] ? debug_smp_processor_id+0x17/0x20 [ 1766.699088][T25837] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1766.704988][T25837] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1766.710459][T25837] do_syscall_64+0x3d/0xb0 [ 1766.714710][T25837] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1766.720439][T25837] RIP: 0033:0x7f0ca8db8da9 [ 1766.724696][T25837] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 07:45:50 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x37, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:50 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x5d, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:50 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000ffffffb0000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:50 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 52) 07:45:50 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x5e, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1766.744134][T25837] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1766.752376][T25837] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1766.760188][T25837] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1766.768000][T25837] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1766.775809][T25837] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1766.783622][T25837] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1766.791441][T25837] 07:45:50 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x5f, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:50 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000000000b8000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:50 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x39, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1766.836841][T25856] FAULT_INJECTION: forcing a failure. [ 1766.836841][T25856] name failslab, interval 1, probability 0, space 0, times 0 [ 1766.864401][T25856] CPU: 1 PID: 25856 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1766.875959][T25856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1766.885850][T25856] Call Trace: [ 1766.888971][T25856] [ 1766.891751][T25856] dump_stack_lvl+0x151/0x1b7 [ 1766.896262][T25856] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1766.901733][T25856] dump_stack+0x15/0x17 [ 1766.905721][T25856] should_fail+0x3c6/0x510 [ 1766.909977][T25856] __should_failslab+0xa4/0xe0 [ 1766.914579][T25856] ? vm_area_dup+0x26/0x230 [ 1766.918915][T25856] should_failslab+0x9/0x20 [ 1766.923256][T25856] slab_pre_alloc_hook+0x37/0xd0 [ 1766.928028][T25856] ? vm_area_dup+0x26/0x230 [ 1766.932366][T25856] kmem_cache_alloc+0x44/0x200 [ 1766.936967][T25856] vm_area_dup+0x26/0x230 [ 1766.941133][T25856] copy_mm+0x9a1/0x13e0 [ 1766.945128][T25856] ? copy_signal+0x610/0x610 [ 1766.949550][T25856] ? __init_rwsem+0xd6/0x1c0 [ 1766.953976][T25856] ? copy_signal+0x4e3/0x610 [ 1766.958404][T25856] copy_process+0x1149/0x3290 [ 1766.962920][T25856] ? proc_fail_nth_write+0x20b/0x290 [ 1766.968040][T25856] ? fsnotify_perm+0x6a/0x5d0 [ 1766.972550][T25856] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1766.977506][T25856] ? vfs_write+0x9ec/0x1110 [ 1766.981926][T25856] kernel_clone+0x21e/0x9e0 [ 1766.986263][T25856] ? file_end_write+0x1c0/0x1c0 [ 1766.990950][T25856] ? create_io_thread+0x1e0/0x1e0 [ 1766.995809][T25856] ? mutex_unlock+0xb2/0x260 [ 1767.000239][T25856] ? __mutex_lock_slowpath+0x10/0x10 [ 1767.005361][T25856] __x64_sys_clone+0x23f/0x290 [ 1767.009960][T25856] ? __do_sys_vfork+0x130/0x130 [ 1767.014642][T25856] ? ksys_write+0x260/0x2c0 [ 1767.018984][T25856] ? debug_smp_processor_id+0x17/0x20 [ 1767.024191][T25856] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1767.030190][T25856] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1767.035648][T25856] do_syscall_64+0x3d/0xb0 [ 1767.039901][T25856] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1767.045627][T25856] RIP: 0033:0x7f0ca8db8da9 [ 1767.049885][T25856] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1767.069323][T25856] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1767.077566][T25856] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 07:45:50 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x61, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:51 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x62, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:51 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x63, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:51 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:51 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 53) 07:45:51 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x3c, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:51 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x64, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1767.085381][T25856] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1767.093197][T25856] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1767.101115][T25856] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1767.108915][T25856] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1767.116741][T25856] 07:45:51 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000ffffffc0000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:51 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x65, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:51 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x3d, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1767.179269][T25878] FAULT_INJECTION: forcing a failure. [ 1767.179269][T25878] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1767.213650][T25878] CPU: 0 PID: 25878 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1767.225207][T25878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1767.235103][T25878] Call Trace: [ 1767.238221][T25878] [ 1767.240999][T25878] dump_stack_lvl+0x151/0x1b7 [ 1767.245510][T25878] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1767.251069][T25878] dump_stack+0x15/0x17 [ 1767.255060][T25878] should_fail+0x3c6/0x510 [ 1767.259342][T25878] should_fail_alloc_page+0x5a/0x80 [ 1767.264348][T25878] prepare_alloc_pages+0x15c/0x700 [ 1767.269292][T25878] ? __alloc_pages_bulk+0xe40/0xe40 [ 1767.274327][T25878] __alloc_pages+0x18c/0x8f0 [ 1767.278751][T25878] ? __bpf_trace_mm_page_alloc+0xbf/0xf0 [ 1767.284220][T25878] ? prep_new_page+0x110/0x110 [ 1767.288819][T25878] ? __alloc_pages+0x3cb/0x8f0 [ 1767.293423][T25878] ? __kasan_check_write+0x14/0x20 [ 1767.298370][T25878] ? _raw_spin_lock+0xa4/0x1b0 [ 1767.302968][T25878] pte_alloc_one+0x73/0x1b0 [ 1767.307308][T25878] ? pfn_modify_allowed+0x2f0/0x2f0 [ 1767.312341][T25878] ? __pmd_alloc+0x48d/0x550 [ 1767.316768][T25878] __pte_alloc+0x86/0x350 [ 1767.320933][T25878] ? __pud_alloc+0x260/0x260 [ 1767.325370][T25878] ? __pud_alloc+0x213/0x260 [ 1767.329807][T25878] ? free_pgtables+0x280/0x280 [ 1767.334387][T25878] ? do_handle_mm_fault+0x2330/0x2330 [ 1767.339592][T25878] ? __stack_depot_save+0x34/0x470 [ 1767.344538][T25878] ? anon_vma_clone+0x9a/0x500 [ 1767.349297][T25878] copy_page_range+0x28a8/0x2f90 [ 1767.354065][T25878] ? __kasan_slab_alloc+0xb1/0xe0 [ 1767.358921][T25878] ? slab_post_alloc_hook+0x53/0x2c0 [ 1767.364058][T25878] ? kernel_clone+0x21e/0x9e0 [ 1767.368555][T25878] ? do_syscall_64+0x3d/0xb0 [ 1767.372981][T25878] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1767.378888][T25878] ? pfn_valid+0x1e0/0x1e0 [ 1767.383137][T25878] ? rwsem_write_trylock+0x15b/0x290 [ 1767.388379][T25878] ? vma_interval_tree_augment_rotate+0x1d0/0x1d0 [ 1767.394613][T25878] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 1767.400162][T25878] ? __rb_insert_augmented+0x5de/0x610 [ 1767.405460][T25878] copy_mm+0xc7e/0x13e0 [ 1767.409451][T25878] ? copy_signal+0x610/0x610 [ 1767.413970][T25878] ? __init_rwsem+0xd6/0x1c0 [ 1767.418388][T25878] ? copy_signal+0x4e3/0x610 [ 1767.422816][T25878] copy_process+0x1149/0x3290 [ 1767.427416][T25878] ? proc_fail_nth_write+0x20b/0x290 [ 1767.432538][T25878] ? fsnotify_perm+0x6a/0x5d0 [ 1767.437064][T25878] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1767.441999][T25878] ? vfs_write+0x9ec/0x1110 [ 1767.446336][T25878] kernel_clone+0x21e/0x9e0 [ 1767.450693][T25878] ? file_end_write+0x1c0/0x1c0 [ 1767.455388][T25878] ? create_io_thread+0x1e0/0x1e0 [ 1767.460221][T25878] ? mutex_unlock+0xb2/0x260 [ 1767.464647][T25878] ? __mutex_lock_slowpath+0x10/0x10 [ 1767.469772][T25878] __x64_sys_clone+0x23f/0x290 [ 1767.474371][T25878] ? __do_sys_vfork+0x130/0x130 [ 1767.479059][T25878] ? ksys_write+0x260/0x2c0 [ 1767.483417][T25878] ? debug_smp_processor_id+0x17/0x20 [ 1767.488605][T25878] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1767.494522][T25878] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1767.499980][T25878] do_syscall_64+0x3d/0xb0 [ 1767.504227][T25878] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1767.509952][T25878] RIP: 0033:0x7f0ca8db8da9 [ 1767.514208][T25878] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1767.533648][T25878] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1767.541891][T25878] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1767.549703][T25878] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1767.557516][T25878] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1767.565325][T25878] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1767.573138][T25878] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 07:45:51 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000a002c8c4000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:51 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 54) 07:45:51 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x66, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:51 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:51 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000000000c8000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1767.580955][T25878] 07:45:51 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x3e, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:51 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x67, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:51 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x44, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1767.630664][T25896] FAULT_INJECTION: forcing a failure. [ 1767.630664][T25896] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1767.663267][T25896] CPU: 1 PID: 25896 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1767.674830][T25896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1767.684819][T25896] Call Trace: [ 1767.687939][T25896] [ 1767.690711][T25896] dump_stack_lvl+0x151/0x1b7 [ 1767.695226][T25896] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1767.700693][T25896] dump_stack+0x15/0x17 [ 1767.704683][T25896] should_fail+0x3c6/0x510 [ 1767.708938][T25896] should_fail_alloc_page+0x5a/0x80 [ 1767.713972][T25896] prepare_alloc_pages+0x15c/0x700 [ 1767.718917][T25896] ? __alloc_pages+0x8f0/0x8f0 [ 1767.723518][T25896] ? __alloc_pages_bulk+0xe40/0xe40 [ 1767.728555][T25896] __alloc_pages+0x18c/0x8f0 [ 1767.732978][T25896] ? prep_new_page+0x110/0x110 [ 1767.737579][T25896] ? 0xffffffffa0028940 [ 1767.741572][T25896] ? is_bpf_text_address+0x172/0x190 [ 1767.746697][T25896] pte_alloc_one+0x73/0x1b0 [ 1767.751032][T25896] ? pfn_modify_allowed+0x2f0/0x2f0 [ 1767.756066][T25896] ? arch_stack_walk+0xf3/0x140 [ 1767.760753][T25896] __pte_alloc+0x86/0x350 [ 1767.764919][T25896] ? free_pgtables+0x280/0x280 [ 1767.769531][T25896] ? _raw_spin_lock+0xa4/0x1b0 [ 1767.774119][T25896] ? __kasan_check_write+0x14/0x20 [ 1767.779067][T25896] copy_page_range+0x28a8/0x2f90 [ 1767.783841][T25896] ? __kasan_slab_alloc+0xb1/0xe0 [ 1767.788705][T25896] ? pfn_valid+0x1e0/0x1e0 [ 1767.792952][T25896] ? vma_gap_callbacks_rotate+0x1b7/0x210 [ 1767.798505][T25896] ? __rb_insert_augmented+0x5de/0x610 [ 1767.803803][T25896] copy_mm+0xc7e/0x13e0 [ 1767.807798][T25896] ? copy_signal+0x610/0x610 [ 1767.812218][T25896] ? __init_rwsem+0xd6/0x1c0 [ 1767.816645][T25896] ? copy_signal+0x4e3/0x610 [ 1767.821073][T25896] copy_process+0x1149/0x3290 [ 1767.825586][T25896] ? proc_fail_nth_write+0x20b/0x290 [ 1767.830708][T25896] ? fsnotify_perm+0x6a/0x5d0 [ 1767.835222][T25896] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1767.840167][T25896] ? vfs_write+0x9ec/0x1110 [ 1767.844509][T25896] kernel_clone+0x21e/0x9e0 [ 1767.848844][T25896] ? file_end_write+0x1c0/0x1c0 [ 1767.853532][T25896] ? create_io_thread+0x1e0/0x1e0 [ 1767.858393][T25896] ? mutex_unlock+0xb2/0x260 [ 1767.862817][T25896] ? __mutex_lock_slowpath+0x10/0x10 [ 1767.867942][T25896] __x64_sys_clone+0x23f/0x290 [ 1767.872542][T25896] ? __do_sys_vfork+0x130/0x130 [ 1767.877225][T25896] ? ksys_write+0x260/0x2c0 [ 1767.881568][T25896] ? debug_smp_processor_id+0x17/0x20 [ 1767.886777][T25896] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1767.892676][T25896] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1767.898146][T25896] do_syscall_64+0x3d/0xb0 [ 1767.902399][T25896] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1767.908298][T25896] RIP: 0033:0x7f0ca8db8da9 [ 1767.912554][T25896] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 07:45:51 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x69, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1767.932083][T25896] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1767.940324][T25896] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1767.948134][T25896] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1767.955947][T25896] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1767.963758][T25896] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1767.971569][T25896] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1767.979385][T25896] 07:45:51 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000ffffffd0000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:51 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 55) 07:45:51 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x45, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1768.014234][T25909] FAULT_INJECTION: forcing a failure. [ 1768.014234][T25909] name failslab, interval 1, probability 0, space 0, times 0 [ 1768.027352][T25909] CPU: 1 PID: 25909 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1768.038899][T25909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1768.048798][T25909] Call Trace: [ 1768.052001][T25909] [ 1768.054784][T25909] dump_stack_lvl+0x151/0x1b7 [ 1768.059294][T25909] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1768.064764][T25909] dump_stack+0x15/0x17 [ 1768.068755][T25909] should_fail+0x3c6/0x510 [ 1768.073008][T25909] __should_failslab+0xa4/0xe0 [ 1768.077609][T25909] ? vm_area_dup+0x26/0x230 [ 1768.081946][T25909] should_failslab+0x9/0x20 [ 1768.086285][T25909] slab_pre_alloc_hook+0x37/0xd0 [ 1768.091075][T25909] ? vm_area_dup+0x26/0x230 [ 1768.095404][T25909] kmem_cache_alloc+0x44/0x200 [ 1768.100002][T25909] vm_area_dup+0x26/0x230 [ 1768.104163][T25909] copy_mm+0x9a1/0x13e0 [ 1768.108160][T25909] ? copy_signal+0x610/0x610 [ 1768.112581][T25909] ? __init_rwsem+0xd6/0x1c0 [ 1768.117015][T25909] ? copy_signal+0x4e3/0x610 [ 1768.121435][T25909] copy_process+0x1149/0x3290 [ 1768.125952][T25909] ? proc_fail_nth_write+0x20b/0x290 [ 1768.131072][T25909] ? fsnotify_perm+0x6a/0x5d0 [ 1768.135582][T25909] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1768.140528][T25909] ? vfs_write+0x9ec/0x1110 [ 1768.144874][T25909] kernel_clone+0x21e/0x9e0 [ 1768.149210][T25909] ? file_end_write+0x1c0/0x1c0 [ 1768.153898][T25909] ? create_io_thread+0x1e0/0x1e0 [ 1768.158755][T25909] ? mutex_unlock+0xb2/0x260 [ 1768.163183][T25909] ? __mutex_lock_slowpath+0x10/0x10 [ 1768.168303][T25909] __x64_sys_clone+0x23f/0x290 [ 1768.172904][T25909] ? __do_sys_vfork+0x130/0x130 [ 1768.177588][T25909] ? ksys_write+0x260/0x2c0 [ 1768.181930][T25909] ? debug_smp_processor_id+0x17/0x20 [ 1768.187136][T25909] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1768.193044][T25909] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1768.198520][T25909] do_syscall_64+0x3d/0xb0 [ 1768.202761][T25909] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1768.208584][T25909] RIP: 0033:0x7f0ca8db8da9 [ 1768.212828][T25909] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1768.232275][T25909] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1768.240513][T25909] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1768.248325][T25909] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1768.256135][T25909] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 07:45:51 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x6a, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:51 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000001ac4d1000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:52 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 56) 07:45:52 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x46, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1768.264385][T25909] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1768.272190][T25909] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1768.280014][T25909] [ 1768.311259][T25917] FAULT_INJECTION: forcing a failure. [ 1768.311259][T25917] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1768.329901][T25917] CPU: 0 PID: 25917 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1768.341457][T25917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1768.351375][T25917] Call Trace: [ 1768.354473][T25917] [ 1768.357251][T25917] dump_stack_lvl+0x151/0x1b7 [ 1768.361762][T25917] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1768.367232][T25917] dump_stack+0x15/0x17 [ 1768.371221][T25917] should_fail+0x3c6/0x510 [ 1768.375473][T25917] should_fail_alloc_page+0x5a/0x80 [ 1768.380507][T25917] prepare_alloc_pages+0x15c/0x700 [ 1768.385456][T25917] ? __alloc_pages+0x8f0/0x8f0 [ 1768.390055][T25917] ? __alloc_pages_bulk+0xe40/0xe40 [ 1768.395097][T25917] __alloc_pages+0x18c/0x8f0 [ 1768.399518][T25917] ? prep_new_page+0x110/0x110 [ 1768.404117][T25917] ? 0xffffffffa002c7fc [ 1768.408115][T25917] ? is_bpf_text_address+0x172/0x190 [ 1768.413228][T25917] pte_alloc_one+0x73/0x1b0 [ 1768.417573][T25917] ? pfn_modify_allowed+0x2f0/0x2f0 [ 1768.422604][T25917] ? arch_stack_walk+0xf3/0x140 [ 1768.427289][T25917] __pte_alloc+0x86/0x350 [ 1768.431455][T25917] ? free_pgtables+0x280/0x280 [ 1768.436052][T25917] ? _raw_spin_lock+0xa4/0x1b0 [ 1768.440654][T25917] ? __kasan_check_write+0x14/0x20 [ 1768.445604][T25917] copy_page_range+0x28a8/0x2f90 [ 1768.450376][T25917] ? __kasan_slab_alloc+0xb1/0xe0 [ 1768.455243][T25917] ? pfn_valid+0x1e0/0x1e0 [ 1768.459488][T25917] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 1768.465045][T25917] ? __rb_insert_augmented+0x5de/0x610 [ 1768.470428][T25917] copy_mm+0xc7e/0x13e0 [ 1768.474421][T25917] ? copy_signal+0x610/0x610 [ 1768.478845][T25917] ? __init_rwsem+0xd6/0x1c0 [ 1768.483268][T25917] ? copy_signal+0x4e3/0x610 [ 1768.487694][T25917] copy_process+0x1149/0x3290 [ 1768.492209][T25917] ? proc_fail_nth_write+0x20b/0x290 [ 1768.497328][T25917] ? fsnotify_perm+0x6a/0x5d0 [ 1768.501841][T25917] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1768.506789][T25917] ? vfs_write+0x9ec/0x1110 [ 1768.511129][T25917] kernel_clone+0x21e/0x9e0 [ 1768.515470][T25917] ? file_end_write+0x1c0/0x1c0 [ 1768.520155][T25917] ? create_io_thread+0x1e0/0x1e0 [ 1768.525362][T25917] ? mutex_unlock+0xb2/0x260 [ 1768.529797][T25917] ? __mutex_lock_slowpath+0x10/0x10 [ 1768.534913][T25917] __x64_sys_clone+0x23f/0x290 [ 1768.539510][T25917] ? __do_sys_vfork+0x130/0x130 [ 1768.544198][T25917] ? ksys_write+0x260/0x2c0 [ 1768.548538][T25917] ? debug_smp_processor_id+0x17/0x20 [ 1768.553743][T25917] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1768.559734][T25917] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1768.565198][T25917] do_syscall_64+0x3d/0xb0 [ 1768.569456][T25917] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1768.575182][T25917] RIP: 0033:0x7f0ca8db8da9 [ 1768.579437][T25917] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1768.598876][T25917] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 07:45:52 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:52 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x6b, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:52 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000000000d8000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:52 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x47, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:52 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x4c, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:52 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x6c, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1768.607118][T25917] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1768.614930][T25917] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1768.622742][T25917] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1768.630552][T25917] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1768.638371][T25917] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1768.646269][T25917] 07:45:52 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 57) 07:45:52 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x6d, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:52 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x4d, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:52 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:52 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x4e, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:52 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x6e, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1768.740794][T25938] FAULT_INJECTION: forcing a failure. [ 1768.740794][T25938] name failslab, interval 1, probability 0, space 0, times 0 [ 1768.758969][T25938] CPU: 0 PID: 25938 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1768.770530][T25938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1768.780420][T25938] Call Trace: [ 1768.783546][T25938] [ 1768.786322][T25938] dump_stack_lvl+0x151/0x1b7 [ 1768.790835][T25938] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1768.796304][T25938] dump_stack+0x15/0x17 [ 1768.800296][T25938] should_fail+0x3c6/0x510 [ 1768.804560][T25938] __should_failslab+0xa4/0xe0 [ 1768.809150][T25938] ? vm_area_dup+0x26/0x230 [ 1768.813486][T25938] should_failslab+0x9/0x20 [ 1768.817828][T25938] slab_pre_alloc_hook+0x37/0xd0 [ 1768.822602][T25938] ? vm_area_dup+0x26/0x230 [ 1768.826939][T25938] kmem_cache_alloc+0x44/0x200 [ 1768.831543][T25938] vm_area_dup+0x26/0x230 [ 1768.835710][T25938] copy_mm+0x9a1/0x13e0 [ 1768.839700][T25938] ? copy_signal+0x610/0x610 [ 1768.844126][T25938] ? __init_rwsem+0xd6/0x1c0 [ 1768.848553][T25938] ? copy_signal+0x4e3/0x610 [ 1768.852976][T25938] copy_process+0x1149/0x3290 [ 1768.857492][T25938] ? proc_fail_nth_write+0x20b/0x290 [ 1768.862613][T25938] ? fsnotify_perm+0x6a/0x5d0 [ 1768.867127][T25938] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1768.872073][T25938] ? vfs_write+0x9ec/0x1110 [ 1768.876414][T25938] kernel_clone+0x21e/0x9e0 [ 1768.880753][T25938] ? file_end_write+0x1c0/0x1c0 [ 1768.885440][T25938] ? create_io_thread+0x1e0/0x1e0 [ 1768.890298][T25938] ? mutex_unlock+0xb2/0x260 [ 1768.894724][T25938] ? __mutex_lock_slowpath+0x10/0x10 [ 1768.899845][T25938] __x64_sys_clone+0x23f/0x290 [ 1768.904447][T25938] ? __do_sys_vfork+0x130/0x130 [ 1768.909133][T25938] ? ksys_write+0x260/0x2c0 [ 1768.913647][T25938] ? debug_smp_processor_id+0x17/0x20 [ 1768.918853][T25938] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1768.924755][T25938] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1768.930223][T25938] do_syscall_64+0x3d/0xb0 [ 1768.934475][T25938] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1768.940202][T25938] RIP: 0033:0x7f0ca8db8da9 [ 1768.944455][T25938] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1768.963900][T25938] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1768.972141][T25938] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1768.979952][T25938] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:45:52 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000000000e8000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:52 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x6f, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:52 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x4f, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1768.987762][T25938] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1768.995574][T25938] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1769.003390][T25938] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1769.011202][T25938] 07:45:53 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 58) 07:45:53 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:53 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x54, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:53 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x71, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1769.097755][T25956] FAULT_INJECTION: forcing a failure. [ 1769.097755][T25956] name failslab, interval 1, probability 0, space 0, times 0 [ 1769.111266][T25956] CPU: 1 PID: 25956 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1769.122814][T25956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1769.132706][T25956] Call Trace: [ 1769.135832][T25956] [ 1769.138609][T25956] dump_stack_lvl+0x151/0x1b7 [ 1769.143120][T25956] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1769.148589][T25956] dump_stack+0x15/0x17 [ 1769.152578][T25956] should_fail+0x3c6/0x510 [ 1769.156834][T25956] __should_failslab+0xa4/0xe0 [ 1769.161431][T25956] ? vm_area_dup+0x26/0x230 [ 1769.165773][T25956] should_failslab+0x9/0x20 [ 1769.170111][T25956] slab_pre_alloc_hook+0x37/0xd0 [ 1769.174887][T25956] ? vm_area_dup+0x26/0x230 [ 1769.179238][T25956] kmem_cache_alloc+0x44/0x200 [ 1769.183829][T25956] vm_area_dup+0x26/0x230 [ 1769.187992][T25956] copy_mm+0x9a1/0x13e0 [ 1769.191986][T25956] ? copy_signal+0x610/0x610 [ 1769.196409][T25956] ? __init_rwsem+0xd6/0x1c0 [ 1769.200836][T25956] ? copy_signal+0x4e3/0x610 [ 1769.205262][T25956] copy_process+0x1149/0x3290 [ 1769.209780][T25956] ? proc_fail_nth_write+0x20b/0x290 [ 1769.214897][T25956] ? fsnotify_perm+0x6a/0x5d0 [ 1769.219409][T25956] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1769.224354][T25956] ? vfs_write+0x9ec/0x1110 [ 1769.228697][T25956] kernel_clone+0x21e/0x9e0 [ 1769.233033][T25956] ? file_end_write+0x1c0/0x1c0 [ 1769.237745][T25956] ? create_io_thread+0x1e0/0x1e0 [ 1769.242585][T25956] ? mutex_unlock+0xb2/0x260 [ 1769.247008][T25956] ? __mutex_lock_slowpath+0x10/0x10 [ 1769.252224][T25956] __x64_sys_clone+0x23f/0x290 [ 1769.256916][T25956] ? __do_sys_vfork+0x130/0x130 [ 1769.261590][T25956] ? ksys_write+0x260/0x2c0 [ 1769.265930][T25956] ? debug_smp_processor_id+0x17/0x20 [ 1769.271137][T25956] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1769.277038][T25956] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1769.282508][T25956] do_syscall_64+0x3d/0xb0 [ 1769.286760][T25956] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1769.292487][T25956] RIP: 0033:0x7f0ca8db8da9 [ 1769.296740][T25956] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1769.316184][T25956] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1769.324432][T25956] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1769.332237][T25956] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1769.340048][T25956] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 07:45:53 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x72, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:53 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000fffffff0000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:53 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x73, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:53 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000000000f8000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:53 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:53 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x55, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1769.347861][T25956] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1769.355673][T25956] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1769.363488][T25956] 07:45:53 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x74, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:53 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 59) 07:45:53 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x56, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1769.433641][T25973] FAULT_INJECTION: forcing a failure. [ 1769.433641][T25973] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1769.456703][T25973] CPU: 0 PID: 25973 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1769.468267][T25973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1769.478162][T25973] Call Trace: [ 1769.481284][T25973] [ 1769.484066][T25973] dump_stack_lvl+0x151/0x1b7 [ 1769.488570][T25973] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1769.494042][T25973] dump_stack+0x15/0x17 [ 1769.498032][T25973] should_fail+0x3c6/0x510 [ 1769.502286][T25973] should_fail_alloc_page+0x5a/0x80 [ 1769.507320][T25973] prepare_alloc_pages+0x15c/0x700 [ 1769.512264][T25973] ? __alloc_pages+0x8f0/0x8f0 [ 1769.517651][T25973] ? __alloc_pages_bulk+0xe40/0xe40 [ 1769.522681][T25973] __alloc_pages+0x18c/0x8f0 [ 1769.527194][T25973] ? prep_new_page+0x110/0x110 [ 1769.531796][T25973] ? 0xffffffffa002c7fc [ 1769.535785][T25973] ? is_bpf_text_address+0x172/0x190 [ 1769.540910][T25973] pte_alloc_one+0x73/0x1b0 [ 1769.545246][T25973] ? pfn_modify_allowed+0x2f0/0x2f0 [ 1769.550284][T25973] ? arch_stack_walk+0xf3/0x140 [ 1769.554969][T25973] __pte_alloc+0x86/0x350 [ 1769.559136][T25973] ? free_pgtables+0x280/0x280 [ 1769.563731][T25973] ? _raw_spin_lock+0xa4/0x1b0 [ 1769.568333][T25973] ? __kasan_check_write+0x14/0x20 [ 1769.573282][T25973] copy_page_range+0x28a8/0x2f90 [ 1769.578054][T25973] ? __kasan_slab_alloc+0xb1/0xe0 [ 1769.582920][T25973] ? pfn_valid+0x1e0/0x1e0 [ 1769.587168][T25973] ? vma_interval_tree_augment_rotate+0x1a3/0x1d0 [ 1769.593421][T25973] copy_mm+0xc7e/0x13e0 [ 1769.597414][T25973] ? copy_signal+0x610/0x610 [ 1769.601833][T25973] ? __init_rwsem+0xd6/0x1c0 [ 1769.606260][T25973] ? copy_signal+0x4e3/0x610 [ 1769.610688][T25973] copy_process+0x1149/0x3290 [ 1769.615200][T25973] ? proc_fail_nth_write+0x20b/0x290 [ 1769.620324][T25973] ? fsnotify_perm+0x6a/0x5d0 [ 1769.624836][T25973] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1769.629784][T25973] ? vfs_write+0x9ec/0x1110 [ 1769.634123][T25973] kernel_clone+0x21e/0x9e0 [ 1769.638462][T25973] ? file_end_write+0x1c0/0x1c0 [ 1769.643148][T25973] ? create_io_thread+0x1e0/0x1e0 [ 1769.648006][T25973] ? mutex_unlock+0xb2/0x260 [ 1769.652432][T25973] ? __mutex_lock_slowpath+0x10/0x10 [ 1769.657556][T25973] __x64_sys_clone+0x23f/0x290 [ 1769.662157][T25973] ? __do_sys_vfork+0x130/0x130 [ 1769.666840][T25973] ? ksys_write+0x260/0x2c0 [ 1769.671183][T25973] ? debug_smp_processor_id+0x17/0x20 [ 1769.676397][T25973] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1769.682289][T25973] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1769.687758][T25973] do_syscall_64+0x3d/0xb0 [ 1769.692010][T25973] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1769.697740][T25973] RIP: 0033:0x7f0ca8db8da9 [ 1769.701993][T25973] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1769.721434][T25973] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 07:45:53 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x75, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:53 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 60) [ 1769.729778][T25973] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1769.737584][T25973] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1769.745396][T25973] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1769.753236][T25973] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1769.761018][T25973] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1769.768841][T25973] [ 1769.790642][T25980] FAULT_INJECTION: forcing a failure. [ 1769.790642][T25980] name failslab, interval 1, probability 0, space 0, times 0 [ 1769.803226][T25980] CPU: 1 PID: 25980 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1769.814765][T25980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1769.824659][T25980] Call Trace: [ 1769.827783][T25980] [ 1769.830568][T25980] dump_stack_lvl+0x151/0x1b7 [ 1769.835075][T25980] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1769.840542][T25980] dump_stack+0x15/0x17 [ 1769.844526][T25980] should_fail+0x3c6/0x510 [ 1769.848780][T25980] __should_failslab+0xa4/0xe0 [ 1769.853380][T25980] ? vm_area_dup+0x26/0x230 [ 1769.857717][T25980] should_failslab+0x9/0x20 [ 1769.862060][T25980] slab_pre_alloc_hook+0x37/0xd0 [ 1769.866920][T25980] ? vm_area_dup+0x26/0x230 [ 1769.871262][T25980] kmem_cache_alloc+0x44/0x200 [ 1769.875858][T25980] vm_area_dup+0x26/0x230 [ 1769.880028][T25980] copy_mm+0x9a1/0x13e0 [ 1769.884020][T25980] ? copy_signal+0x610/0x610 [ 1769.888443][T25980] ? __init_rwsem+0xd6/0x1c0 [ 1769.892869][T25980] ? copy_signal+0x4e3/0x610 [ 1769.897299][T25980] copy_process+0x1149/0x3290 [ 1769.901832][T25980] ? proc_fail_nth_write+0x20b/0x290 [ 1769.906932][T25980] ? fsnotify_perm+0x6a/0x5d0 [ 1769.911446][T25980] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1769.916389][T25980] ? vfs_write+0x9ec/0x1110 [ 1769.920732][T25980] kernel_clone+0x21e/0x9e0 [ 1769.925088][T25980] ? file_end_write+0x1c0/0x1c0 [ 1769.929765][T25980] ? create_io_thread+0x1e0/0x1e0 [ 1769.934702][T25980] ? mutex_unlock+0xb2/0x260 [ 1769.939131][T25980] ? __mutex_lock_slowpath+0x10/0x10 [ 1769.944277][T25980] __x64_sys_clone+0x23f/0x290 [ 1769.948850][T25980] ? __do_sys_vfork+0x130/0x130 [ 1769.953539][T25980] ? ksys_write+0x260/0x2c0 [ 1769.957877][T25980] ? debug_smp_processor_id+0x17/0x20 [ 1769.963082][T25980] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1769.968986][T25980] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1769.974477][T25980] do_syscall_64+0x3d/0xb0 [ 1769.978712][T25980] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1769.984433][T25980] RIP: 0033:0x7f0ca8db8da9 [ 1769.988689][T25980] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1770.008216][T25980] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1770.016459][T25980] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1770.024275][T25980] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1770.032082][T25980] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 07:45:53 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x57, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x76, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000000000ff000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:54 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x77, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x5c, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:54 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 61) [ 1770.040067][T25980] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1770.047889][T25980] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1770.055693][T25980] 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x79, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x5d, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x7a, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1770.100823][T25990] FAULT_INJECTION: forcing a failure. [ 1770.100823][T25990] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1770.150820][T25990] CPU: 1 PID: 25990 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1770.162373][T25990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1770.172265][T25990] Call Trace: [ 1770.175389][T25990] [ 1770.178168][T25990] dump_stack_lvl+0x151/0x1b7 [ 1770.182681][T25990] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1770.188149][T25990] dump_stack+0x15/0x17 [ 1770.192140][T25990] should_fail+0x3c6/0x510 [ 1770.196419][T25990] should_fail_alloc_page+0x5a/0x80 [ 1770.201467][T25990] prepare_alloc_pages+0x15c/0x700 [ 1770.206378][T25990] ? __alloc_pages+0x8f0/0x8f0 [ 1770.210973][T25990] ? __alloc_pages_bulk+0xe40/0xe40 [ 1770.216005][T25990] ? sched_clock+0x9/0x10 [ 1770.220174][T25990] __alloc_pages+0x18c/0x8f0 [ 1770.224599][T25990] ? prep_new_page+0x110/0x110 [ 1770.229202][T25990] ? is_bpf_text_address+0x172/0x190 [ 1770.234321][T25990] pte_alloc_one+0x73/0x1b0 [ 1770.238659][T25990] ? pfn_modify_allowed+0x2f0/0x2f0 [ 1770.243693][T25990] ? arch_stack_walk+0xf3/0x140 [ 1770.248381][T25990] __pte_alloc+0x86/0x350 [ 1770.252550][T25990] ? free_pgtables+0x280/0x280 [ 1770.257147][T25990] ? _raw_spin_lock+0xa4/0x1b0 [ 1770.261746][T25990] ? __kasan_check_write+0x14/0x20 [ 1770.266698][T25990] copy_page_range+0x28a8/0x2f90 [ 1770.271466][T25990] ? __kasan_slab_alloc+0xb1/0xe0 [ 1770.276335][T25990] ? pfn_valid+0x1e0/0x1e0 [ 1770.280580][T25990] ? vma_gap_callbacks_rotate+0x1e2/0x210 [ 1770.286134][T25990] ? __rb_insert_augmented+0x5de/0x610 [ 1770.291431][T25990] copy_mm+0xc7e/0x13e0 [ 1770.295424][T25990] ? copy_signal+0x610/0x610 [ 1770.299846][T25990] ? __init_rwsem+0xd6/0x1c0 [ 1770.304274][T25990] ? copy_signal+0x4e3/0x610 [ 1770.308705][T25990] copy_process+0x1149/0x3290 [ 1770.313223][T25990] ? proc_fail_nth_write+0x20b/0x290 [ 1770.318336][T25990] ? fsnotify_perm+0x6a/0x5d0 [ 1770.322848][T25990] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1770.327794][T25990] ? vfs_write+0x9ec/0x1110 [ 1770.332135][T25990] kernel_clone+0x21e/0x9e0 [ 1770.336475][T25990] ? file_end_write+0x1c0/0x1c0 [ 1770.341160][T25990] ? create_io_thread+0x1e0/0x1e0 [ 1770.346017][T25990] ? mutex_unlock+0xb2/0x260 [ 1770.350447][T25990] ? __mutex_lock_slowpath+0x10/0x10 [ 1770.355569][T25990] __x64_sys_clone+0x23f/0x290 [ 1770.360167][T25990] ? __do_sys_vfork+0x130/0x130 [ 1770.364854][T25990] ? ksys_write+0x260/0x2c0 [ 1770.369198][T25990] ? debug_smp_processor_id+0x17/0x20 [ 1770.374401][T25990] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1770.380303][T25990] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1770.385772][T25990] do_syscall_64+0x3d/0xb0 [ 1770.390024][T25990] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1770.395881][T25990] RIP: 0033:0x7f0ca8db8da9 [ 1770.400128][T25990] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1770.419565][T25990] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1770.427810][T25990] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1770.435619][T25990] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1770.443433][T25990] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 07:45:54 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x7b, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x5e, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:54 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 62) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x7c, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1770.451247][T25990] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1770.459054][T25990] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1770.466871][T25990] 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x7d, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x5f, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x7e, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1770.521911][T26010] FAULT_INJECTION: forcing a failure. [ 1770.521911][T26010] name failslab, interval 1, probability 0, space 0, times 0 [ 1770.559748][T26010] CPU: 1 PID: 26010 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1770.571312][T26010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1770.581208][T26010] Call Trace: [ 1770.584323][T26010] [ 1770.587110][T26010] dump_stack_lvl+0x151/0x1b7 [ 1770.591622][T26010] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1770.597092][T26010] dump_stack+0x15/0x17 [ 1770.601082][T26010] should_fail+0x3c6/0x510 [ 1770.605335][T26010] __should_failslab+0xa4/0xe0 [ 1770.609947][T26010] ? anon_vma_fork+0xf7/0x4e0 [ 1770.614450][T26010] should_failslab+0x9/0x20 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1770.618784][T26010] slab_pre_alloc_hook+0x37/0xd0 [ 1770.623562][T26010] ? anon_vma_fork+0xf7/0x4e0 [ 1770.628070][T26010] kmem_cache_alloc+0x44/0x200 [ 1770.632677][T26010] anon_vma_fork+0xf7/0x4e0 [ 1770.637014][T26010] ? anon_vma_name+0x43/0x70 [ 1770.641439][T26010] ? vm_area_dup+0x17a/0x230 [ 1770.645867][T26010] copy_mm+0xa3a/0x13e0 [ 1770.649864][T26010] ? copy_signal+0x610/0x610 [ 1770.654282][T26010] ? __init_rwsem+0xd6/0x1c0 [ 1770.658717][T26010] ? copy_signal+0x4e3/0x610 [ 1770.663139][T26010] copy_process+0x1149/0x3290 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1770.667654][T26010] ? proc_fail_nth_write+0x20b/0x290 [ 1770.672770][T26010] ? fsnotify_perm+0x6a/0x5d0 [ 1770.677371][T26010] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1770.682317][T26010] ? vfs_write+0x9ec/0x1110 [ 1770.686660][T26010] kernel_clone+0x21e/0x9e0 [ 1770.690998][T26010] ? file_end_write+0x1c0/0x1c0 [ 1770.695682][T26010] ? create_io_thread+0x1e0/0x1e0 [ 1770.700542][T26010] ? mutex_unlock+0xb2/0x260 [ 1770.704972][T26010] ? __mutex_lock_slowpath+0x10/0x10 [ 1770.710084][T26010] __x64_sys_clone+0x23f/0x290 [ 1770.714693][T26010] ? __do_sys_vfork+0x130/0x130 [ 1770.719378][T26010] ? ksys_write+0x260/0x2c0 [ 1770.723724][T26010] ? debug_smp_processor_id+0x17/0x20 [ 1770.728920][T26010] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1770.734819][T26010] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1770.740286][T26010] do_syscall_64+0x3d/0xb0 [ 1770.744542][T26010] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1770.750267][T26010] RIP: 0033:0x7f0ca8db8da9 [ 1770.754523][T26010] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1770.773961][T26010] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1770.782206][T26010] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1770.790021][T26010] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1770.797828][T26010] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1770.805642][T26010] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1770.813451][T26010] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 07:45:54 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:54 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000fffffdff000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:54 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x61, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000fffdffff000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1770.821267][T26010] 07:45:54 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x62, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:54 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 63) 07:45:54 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="180800000000000000001fffffff000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:54 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x63, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1770.902530][T26058] FAULT_INJECTION: forcing a failure. [ 1770.902530][T26058] name failslab, interval 1, probability 0, space 0, times 0 [ 1770.920213][T26058] CPU: 0 PID: 26058 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1770.931776][T26058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1770.941672][T26058] Call Trace: [ 1770.944795][T26058] [ 1770.947571][T26058] dump_stack_lvl+0x151/0x1b7 [ 1770.952082][T26058] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1770.957637][T26058] dump_stack+0x15/0x17 [ 1770.961627][T26058] should_fail+0x3c6/0x510 [ 1770.965882][T26058] __should_failslab+0xa4/0xe0 [ 1770.970482][T26058] ? vm_area_dup+0x26/0x230 [ 1770.974818][T26058] should_failslab+0x9/0x20 [ 1770.979160][T26058] slab_pre_alloc_hook+0x37/0xd0 [ 1770.983930][T26058] ? vm_area_dup+0x26/0x230 [ 1770.988272][T26058] kmem_cache_alloc+0x44/0x200 [ 1770.992871][T26058] vm_area_dup+0x26/0x230 [ 1770.997038][T26058] copy_mm+0x9a1/0x13e0 [ 1771.001033][T26058] ? copy_signal+0x610/0x610 [ 1771.005456][T26058] ? __init_rwsem+0xd6/0x1c0 [ 1771.009884][T26058] ? copy_signal+0x4e3/0x610 [ 1771.014310][T26058] copy_process+0x1149/0x3290 [ 1771.018826][T26058] ? proc_fail_nth_write+0x20b/0x290 [ 1771.023944][T26058] ? fsnotify_perm+0x6a/0x5d0 [ 1771.028457][T26058] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1771.033403][T26058] ? vfs_write+0x9ec/0x1110 [ 1771.037743][T26058] kernel_clone+0x21e/0x9e0 [ 1771.042083][T26058] ? file_end_write+0x1c0/0x1c0 [ 1771.046769][T26058] ? create_io_thread+0x1e0/0x1e0 [ 1771.051628][T26058] ? mutex_unlock+0xb2/0x260 [ 1771.056054][T26058] ? __mutex_lock_slowpath+0x10/0x10 [ 1771.061179][T26058] __x64_sys_clone+0x23f/0x290 [ 1771.065775][T26058] ? __do_sys_vfork+0x130/0x130 [ 1771.070465][T26058] ? ksys_write+0x260/0x2c0 [ 1771.074807][T26058] ? debug_smp_processor_id+0x17/0x20 [ 1771.080009][T26058] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1771.085914][T26058] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1771.091380][T26058] do_syscall_64+0x3d/0xb0 [ 1771.095634][T26058] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1771.101359][T26058] RIP: 0033:0x7f0ca8db8da9 [ 1771.105616][T26058] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1771.125055][T26058] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1771.133298][T26058] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1771.141112][T26058] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:45:54 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x64, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:54 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000080ffffff000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:54 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:55 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 64) 07:45:55 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x65, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:55 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:55 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000085ffffff000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1771.148924][T26058] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1771.156735][T26058] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1771.164543][T26058] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1771.172388][T26058] 07:45:55 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x66, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:55 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:55 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000090ffffff000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:55 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x67, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:55 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:55 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:55 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:55 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000b0ffffff000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:55 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x69, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:55 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1771.236989][T26079] FAULT_INJECTION: forcing a failure. [ 1771.236989][T26079] name failslab, interval 1, probability 0, space 0, times 0 [ 1771.285060][T26079] CPU: 1 PID: 26079 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1771.296610][T26079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1771.306675][T26079] Call Trace: [ 1771.309798][T26079] [ 1771.312577][T26079] dump_stack_lvl+0x151/0x1b7 [ 1771.317087][T26079] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1771.322557][T26079] dump_stack+0x15/0x17 [ 1771.326547][T26079] should_fail+0x3c6/0x510 [ 1771.330802][T26079] __should_failslab+0xa4/0xe0 [ 1771.335404][T26079] ? anon_vma_fork+0x1df/0x4e0 [ 1771.340003][T26079] should_failslab+0x9/0x20 [ 1771.344338][T26079] slab_pre_alloc_hook+0x37/0xd0 [ 1771.349114][T26079] ? anon_vma_fork+0x1df/0x4e0 [ 1771.353713][T26079] kmem_cache_alloc+0x44/0x200 [ 1771.358314][T26079] anon_vma_fork+0x1df/0x4e0 [ 1771.362742][T26079] copy_mm+0xa3a/0x13e0 [ 1771.366734][T26079] ? copy_signal+0x610/0x610 [ 1771.371161][T26079] ? __init_rwsem+0xd6/0x1c0 [ 1771.375586][T26079] ? copy_signal+0x4e3/0x610 [ 1771.380010][T26079] copy_process+0x1149/0x3290 [ 1771.384525][T26079] ? proc_fail_nth_write+0x20b/0x290 [ 1771.389648][T26079] ? fsnotify_perm+0x6a/0x5d0 [ 1771.394157][T26079] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1771.399124][T26079] ? vfs_write+0x9ec/0x1110 [ 1771.403443][T26079] kernel_clone+0x21e/0x9e0 [ 1771.407783][T26079] ? file_end_write+0x1c0/0x1c0 [ 1771.412472][T26079] ? create_io_thread+0x1e0/0x1e0 [ 1771.417342][T26079] ? mutex_unlock+0xb2/0x260 [ 1771.421770][T26079] ? __mutex_lock_slowpath+0x10/0x10 [ 1771.426880][T26079] __x64_sys_clone+0x23f/0x290 [ 1771.431488][T26079] ? __do_sys_vfork+0x130/0x130 [ 1771.436166][T26079] ? ksys_write+0x260/0x2c0 [ 1771.440507][T26079] ? debug_smp_processor_id+0x17/0x20 [ 1771.445714][T26079] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1771.451650][T26079] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1771.457091][T26079] do_syscall_64+0x3d/0xb0 [ 1771.461333][T26079] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1771.467063][T26079] RIP: 0033:0x7f0ca8db8da9 [ 1771.471317][T26079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1771.490757][T26079] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1771.499003][T26079] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1771.506813][T26079] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1771.514623][T26079] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1771.522546][T26079] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 07:45:55 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:55 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000c0ffffff000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:55 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 65) 07:45:55 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:55 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x6a, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1771.530339][T26079] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1771.538160][T26079] 07:45:55 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000d0ffffff000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:55 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:55 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x6b, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:55 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000f0ffffff000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:55 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) [ 1771.587118][T26108] FAULT_INJECTION: forcing a failure. [ 1771.587118][T26108] name failslab, interval 1, probability 0, space 0, times 0 [ 1771.631207][T26108] CPU: 1 PID: 26108 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1771.642758][T26108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1771.652649][T26108] Call Trace: [ 1771.655770][T26108] [ 1771.658550][T26108] dump_stack_lvl+0x151/0x1b7 [ 1771.663060][T26108] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1771.668530][T26108] dump_stack+0x15/0x17 [ 1771.672524][T26108] should_fail+0x3c6/0x510 [ 1771.676776][T26108] __should_failslab+0xa4/0xe0 [ 1771.681376][T26108] ? vm_area_dup+0x26/0x230 [ 1771.685715][T26108] should_failslab+0x9/0x20 [ 1771.690056][T26108] slab_pre_alloc_hook+0x37/0xd0 [ 1771.694829][T26108] ? vm_area_dup+0x26/0x230 [ 1771.699168][T26108] kmem_cache_alloc+0x44/0x200 [ 1771.703769][T26108] vm_area_dup+0x26/0x230 [ 1771.707932][T26108] copy_mm+0x9a1/0x13e0 [ 1771.711930][T26108] ? copy_signal+0x610/0x610 [ 1771.716355][T26108] ? __init_rwsem+0xd6/0x1c0 [ 1771.720779][T26108] ? copy_signal+0x4e3/0x610 [ 1771.725207][T26108] copy_process+0x1149/0x3290 [ 1771.729723][T26108] ? proc_fail_nth_write+0x20b/0x290 [ 1771.734841][T26108] ? fsnotify_perm+0x6a/0x5d0 [ 1771.739355][T26108] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1771.744302][T26108] ? vfs_write+0x9ec/0x1110 [ 1771.748641][T26108] kernel_clone+0x21e/0x9e0 [ 1771.752982][T26108] ? file_end_write+0x1c0/0x1c0 [ 1771.757664][T26108] ? create_io_thread+0x1e0/0x1e0 [ 1771.762524][T26108] ? mutex_unlock+0xb2/0x260 [ 1771.766952][T26108] ? __mutex_lock_slowpath+0x10/0x10 [ 1771.772074][T26108] __x64_sys_clone+0x23f/0x290 [ 1771.776673][T26108] ? __do_sys_vfork+0x130/0x130 [ 1771.781359][T26108] ? ksys_write+0x260/0x2c0 [ 1771.785700][T26108] ? debug_smp_processor_id+0x17/0x20 [ 1771.790906][T26108] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1771.796807][T26108] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1771.802278][T26108] do_syscall_64+0x3d/0xb0 [ 1771.806530][T26108] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1771.812257][T26108] RIP: 0033:0x7f0ca8db8da9 [ 1771.816513][T26108] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1771.835952][T26108] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1771.844218][T26108] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1771.852006][T26108] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1771.859818][T26108] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1771.867629][T26108] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 07:45:55 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x6c, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:55 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:55 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000020000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:55 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 66) [ 1771.875527][T26108] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1771.883345][T26108] [ 1771.913846][T26127] FAULT_INJECTION: forcing a failure. [ 1771.913846][T26127] name failslab, interval 1, probability 0, space 0, times 0 [ 1771.929671][T26127] CPU: 0 PID: 26127 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1771.941228][T26127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1771.951128][T26127] Call Trace: [ 1771.954240][T26127] [ 1771.957020][T26127] dump_stack_lvl+0x151/0x1b7 [ 1771.961552][T26127] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1771.967003][T26127] dump_stack+0x15/0x17 [ 1771.970994][T26127] should_fail+0x3c6/0x510 [ 1771.975244][T26127] __should_failslab+0xa4/0xe0 [ 1771.979843][T26127] ? vm_area_dup+0x26/0x230 [ 1771.984185][T26127] should_failslab+0x9/0x20 [ 1771.988522][T26127] slab_pre_alloc_hook+0x37/0xd0 [ 1771.993297][T26127] ? vm_area_dup+0x26/0x230 [ 1771.997636][T26127] kmem_cache_alloc+0x44/0x200 [ 1772.002240][T26127] vm_area_dup+0x26/0x230 [ 1772.006403][T26127] copy_mm+0x9a1/0x13e0 [ 1772.010396][T26127] ? copy_signal+0x610/0x610 [ 1772.014823][T26127] ? __init_rwsem+0xd6/0x1c0 [ 1772.019249][T26127] ? copy_signal+0x4e3/0x610 [ 1772.023672][T26127] copy_process+0x1149/0x3290 [ 1772.028201][T26127] ? proc_fail_nth_write+0x20b/0x290 [ 1772.033307][T26127] ? fsnotify_perm+0x6a/0x5d0 [ 1772.037821][T26127] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1772.042768][T26127] ? vfs_write+0x9ec/0x1110 [ 1772.047112][T26127] kernel_clone+0x21e/0x9e0 [ 1772.051447][T26127] ? file_end_write+0x1c0/0x1c0 [ 1772.056134][T26127] ? create_io_thread+0x1e0/0x1e0 [ 1772.060996][T26127] ? mutex_unlock+0xb2/0x260 [ 1772.065420][T26127] ? __mutex_lock_slowpath+0x10/0x10 [ 1772.070544][T26127] __x64_sys_clone+0x23f/0x290 [ 1772.075141][T26127] ? __do_sys_vfork+0x130/0x130 [ 1772.079829][T26127] ? ksys_write+0x260/0x2c0 [ 1772.084170][T26127] ? debug_smp_processor_id+0x17/0x20 [ 1772.089387][T26127] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1772.095296][T26127] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1772.100747][T26127] do_syscall_64+0x3d/0xb0 [ 1772.105000][T26127] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1772.110996][T26127] RIP: 0033:0x7f0ca8db8da9 [ 1772.115413][T26127] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1772.135037][T26127] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1772.143360][T26127] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1772.151172][T26127] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:45:56 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000030000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:56 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x6d, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:56 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:56 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:56 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 67) [ 1772.159071][T26127] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1772.166878][T26127] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1772.174690][T26127] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1772.182509][T26127] 07:45:56 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:56 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000040000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:56 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:56 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x6e, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:56 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000050000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1772.232310][T26142] FAULT_INJECTION: forcing a failure. [ 1772.232310][T26142] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1772.256384][T26142] CPU: 0 PID: 26142 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1772.267943][T26142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1772.277836][T26142] Call Trace: [ 1772.280959][T26142] [ 1772.283735][T26142] dump_stack_lvl+0x151/0x1b7 [ 1772.288248][T26142] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1772.293716][T26142] dump_stack+0x15/0x17 [ 1772.297709][T26142] should_fail+0x3c6/0x510 [ 1772.301967][T26142] should_fail_alloc_page+0x5a/0x80 [ 1772.306994][T26142] prepare_alloc_pages+0x15c/0x700 [ 1772.311943][T26142] ? __alloc_pages_bulk+0xe40/0xe40 [ 1772.316980][T26142] __alloc_pages+0x18c/0x8f0 [ 1772.321400][T26142] ? prep_new_page+0x110/0x110 [ 1772.326004][T26142] ? is_bpf_text_address+0x172/0x190 [ 1772.331125][T26142] pte_alloc_one+0x73/0x1b0 [ 1772.335461][T26142] ? pfn_modify_allowed+0x2f0/0x2f0 [ 1772.340496][T26142] ? arch_stack_walk+0xf3/0x140 [ 1772.345186][T26142] __pte_alloc+0x86/0x350 [ 1772.349349][T26142] ? free_pgtables+0x280/0x280 [ 1772.353952][T26142] ? _raw_spin_lock+0xa4/0x1b0 [ 1772.358549][T26142] ? __kasan_check_write+0x14/0x20 [ 1772.363497][T26142] copy_page_range+0x28a8/0x2f90 [ 1772.368272][T26142] ? __kasan_slab_alloc+0xb1/0xe0 [ 1772.373136][T26142] ? pfn_valid+0x1e0/0x1e0 [ 1772.377383][T26142] ? vma_interval_tree_augment_rotate+0x1a3/0x1d0 [ 1772.383634][T26142] copy_mm+0xc7e/0x13e0 [ 1772.387625][T26142] ? copy_signal+0x610/0x610 [ 1772.392156][T26142] ? __init_rwsem+0xd6/0x1c0 [ 1772.396579][T26142] ? copy_signal+0x4e3/0x610 [ 1772.401006][T26142] copy_process+0x1149/0x3290 [ 1772.405523][T26142] ? proc_fail_nth_write+0x20b/0x290 [ 1772.410641][T26142] ? fsnotify_perm+0x6a/0x5d0 [ 1772.415156][T26142] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1772.420103][T26142] ? vfs_write+0x9ec/0x1110 [ 1772.424444][T26142] kernel_clone+0x21e/0x9e0 [ 1772.428781][T26142] ? file_end_write+0x1c0/0x1c0 [ 1772.433466][T26142] ? create_io_thread+0x1e0/0x1e0 [ 1772.438327][T26142] ? mutex_unlock+0xb2/0x260 [ 1772.442769][T26142] ? __mutex_lock_slowpath+0x10/0x10 [ 1772.447876][T26142] __x64_sys_clone+0x23f/0x290 [ 1772.452486][T26142] ? __do_sys_vfork+0x130/0x130 [ 1772.457162][T26142] ? ksys_write+0x260/0x2c0 [ 1772.461502][T26142] ? debug_smp_processor_id+0x17/0x20 [ 1772.466707][T26142] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1772.472698][T26142] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1772.478254][T26142] do_syscall_64+0x3d/0xb0 [ 1772.482505][T26142] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1772.488233][T26142] RIP: 0033:0x7f0ca8db8da9 [ 1772.492489][T26142] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1772.511930][T26142] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1772.520171][T26142] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 07:45:56 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:56 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000060000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:56 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:56 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:56 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 68) 07:45:56 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x6f, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:56 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000070000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1772.527982][T26142] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1772.535794][T26142] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1772.543616][T26142] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1772.551418][T26142] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1772.559237][T26142] [ 1772.617893][T26162] FAULT_INJECTION: forcing a failure. [ 1772.617893][T26162] name failslab, interval 1, probability 0, space 0, times 0 [ 1772.634824][T26162] CPU: 1 PID: 26162 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1772.646381][T26162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1772.656272][T26162] Call Trace: [ 1772.659394][T26162] [ 1772.662173][T26162] dump_stack_lvl+0x151/0x1b7 [ 1772.666685][T26162] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1772.672154][T26162] dump_stack+0x15/0x17 [ 1772.676144][T26162] should_fail+0x3c6/0x510 [ 1772.680398][T26162] __should_failslab+0xa4/0xe0 [ 1772.684998][T26162] ? vm_area_dup+0x26/0x230 [ 1772.689337][T26162] should_failslab+0x9/0x20 [ 1772.693678][T26162] slab_pre_alloc_hook+0x37/0xd0 [ 1772.698451][T26162] ? vm_area_dup+0x26/0x230 [ 1772.702790][T26162] kmem_cache_alloc+0x44/0x200 [ 1772.707391][T26162] vm_area_dup+0x26/0x230 [ 1772.711560][T26162] copy_mm+0x9a1/0x13e0 [ 1772.715557][T26162] ? copy_signal+0x610/0x610 [ 1772.719982][T26162] ? __init_rwsem+0xd6/0x1c0 [ 1772.724400][T26162] ? copy_signal+0x4e3/0x610 [ 1772.728836][T26162] copy_process+0x1149/0x3290 [ 1772.733341][T26162] ? proc_fail_nth_write+0x20b/0x290 [ 1772.738462][T26162] ? fsnotify_perm+0x6a/0x5d0 [ 1772.742977][T26162] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1772.747925][T26162] ? vfs_write+0x9ec/0x1110 [ 1772.752267][T26162] kernel_clone+0x21e/0x9e0 [ 1772.756600][T26162] ? file_end_write+0x1c0/0x1c0 [ 1772.761301][T26162] ? create_io_thread+0x1e0/0x1e0 [ 1772.766149][T26162] ? mutex_unlock+0xb2/0x260 [ 1772.770576][T26162] ? __mutex_lock_slowpath+0x10/0x10 [ 1772.775697][T26162] __x64_sys_clone+0x23f/0x290 [ 1772.780312][T26162] ? __do_sys_vfork+0x130/0x130 [ 1772.784981][T26162] ? ksys_write+0x260/0x2c0 [ 1772.789324][T26162] ? debug_smp_processor_id+0x17/0x20 [ 1772.794537][T26162] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1772.800432][T26162] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1772.805899][T26162] do_syscall_64+0x3d/0xb0 [ 1772.810150][T26162] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1772.815879][T26162] RIP: 0033:0x7f0ca8db8da9 [ 1772.820138][T26162] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1772.839663][T26162] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1772.847907][T26162] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1772.855717][T26162] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:45:56 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:56 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x71, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:56 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000080000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:56 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 69) 07:45:56 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:56 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000000a0000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1772.863539][T26162] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1772.871339][T26162] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1772.879236][T26162] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1772.887054][T26162] 07:45:56 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:56 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x72, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1772.928872][T26179] FAULT_INJECTION: forcing a failure. [ 1772.928872][T26179] name failslab, interval 1, probability 0, space 0, times 0 [ 1772.945513][T26179] CPU: 1 PID: 26179 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1772.957168][T26179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1772.967060][T26179] Call Trace: [ 1772.970182][T26179] [ 1772.972962][T26179] dump_stack_lvl+0x151/0x1b7 [ 1772.977473][T26179] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1772.982944][T26179] dump_stack+0x15/0x17 [ 1772.986932][T26179] should_fail+0x3c6/0x510 [ 1772.991189][T26179] __should_failslab+0xa4/0xe0 [ 1772.995788][T26179] ? vm_area_dup+0x26/0x230 [ 1773.000126][T26179] should_failslab+0x9/0x20 [ 1773.004466][T26179] slab_pre_alloc_hook+0x37/0xd0 [ 1773.009415][T26179] ? vm_area_dup+0x26/0x230 [ 1773.013751][T26179] kmem_cache_alloc+0x44/0x200 [ 1773.018351][T26179] vm_area_dup+0x26/0x230 [ 1773.022527][T26179] copy_mm+0x9a1/0x13e0 [ 1773.026512][T26179] ? copy_signal+0x610/0x610 [ 1773.030937][T26179] ? __init_rwsem+0xd6/0x1c0 [ 1773.035364][T26179] ? copy_signal+0x4e3/0x610 [ 1773.039790][T26179] copy_process+0x1149/0x3290 [ 1773.044393][T26179] ? proc_fail_nth_write+0x20b/0x290 [ 1773.049511][T26179] ? fsnotify_perm+0x6a/0x5d0 [ 1773.054027][T26179] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1773.058976][T26179] ? vfs_write+0x9ec/0x1110 [ 1773.063398][T26179] kernel_clone+0x21e/0x9e0 [ 1773.067738][T26179] ? file_end_write+0x1c0/0x1c0 [ 1773.072526][T26179] ? create_io_thread+0x1e0/0x1e0 [ 1773.077380][T26179] ? mutex_unlock+0xb2/0x260 [ 1773.081806][T26179] ? __mutex_lock_slowpath+0x10/0x10 [ 1773.086927][T26179] __x64_sys_clone+0x23f/0x290 [ 1773.091529][T26179] ? __do_sys_vfork+0x130/0x130 [ 1773.096214][T26179] ? ksys_write+0x260/0x2c0 [ 1773.100561][T26179] ? debug_smp_processor_id+0x17/0x20 [ 1773.105760][T26179] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1773.111664][T26179] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1773.117132][T26179] do_syscall_64+0x3d/0xb0 [ 1773.121393][T26179] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1773.127111][T26179] RIP: 0033:0x7f0ca8db8da9 [ 1773.131366][T26179] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1773.150805][T26179] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1773.159052][T26179] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1773.166860][T26179] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:45:57 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:57 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000000c0000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:57 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x73, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:57 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:57 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000000d0000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:57 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x74, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1773.174672][T26179] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1773.182485][T26179] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1773.190412][T26179] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1773.198200][T26179] 07:45:57 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 70) 07:45:57 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:57 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:57 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000000f0000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:57 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x75, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:57 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:57 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000100000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1773.267471][T26196] FAULT_INJECTION: forcing a failure. [ 1773.267471][T26196] name failslab, interval 1, probability 0, space 0, times 0 [ 1773.315918][T26196] CPU: 0 PID: 26196 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1773.327655][T26196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1773.337553][T26196] Call Trace: [ 1773.340673][T26196] [ 1773.343451][T26196] dump_stack_lvl+0x151/0x1b7 [ 1773.347962][T26196] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1773.353430][T26196] dump_stack+0x15/0x17 [ 1773.357421][T26196] should_fail+0x3c6/0x510 [ 1773.361672][T26196] __should_failslab+0xa4/0xe0 [ 1773.366274][T26196] ? vm_area_dup+0x26/0x230 [ 1773.370610][T26196] should_failslab+0x9/0x20 [ 1773.374951][T26196] slab_pre_alloc_hook+0x37/0xd0 [ 1773.379725][T26196] ? vm_area_dup+0x26/0x230 [ 1773.384065][T26196] kmem_cache_alloc+0x44/0x200 [ 1773.388666][T26196] vm_area_dup+0x26/0x230 [ 1773.392832][T26196] copy_mm+0x9a1/0x13e0 [ 1773.396826][T26196] ? copy_signal+0x610/0x610 [ 1773.401261][T26196] ? __init_rwsem+0xd6/0x1c0 [ 1773.405677][T26196] ? copy_signal+0x4e3/0x610 [ 1773.410103][T26196] copy_process+0x1149/0x3290 [ 1773.414617][T26196] ? proc_fail_nth_write+0x20b/0x290 [ 1773.419738][T26196] ? fsnotify_perm+0x6a/0x5d0 [ 1773.424250][T26196] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1773.429198][T26196] ? vfs_write+0x9ec/0x1110 [ 1773.433538][T26196] kernel_clone+0x21e/0x9e0 [ 1773.437877][T26196] ? file_end_write+0x1c0/0x1c0 [ 1773.442566][T26196] ? create_io_thread+0x1e0/0x1e0 [ 1773.447421][T26196] ? mutex_unlock+0xb2/0x260 [ 1773.451851][T26196] ? __mutex_lock_slowpath+0x10/0x10 [ 1773.456970][T26196] __x64_sys_clone+0x23f/0x290 [ 1773.461575][T26196] ? __do_sys_vfork+0x130/0x130 [ 1773.466258][T26196] ? ksys_write+0x260/0x2c0 [ 1773.470600][T26196] ? debug_smp_processor_id+0x17/0x20 [ 1773.475801][T26196] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1773.481707][T26196] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1773.487172][T26196] do_syscall_64+0x3d/0xb0 [ 1773.491426][T26196] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1773.497175][T26196] RIP: 0033:0x7f0ca8db8da9 [ 1773.501415][T26196] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1773.520851][T26196] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1773.529091][T26196] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1773.536904][T26196] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1773.544714][T26196] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1773.552526][T26196] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 07:45:57 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x76, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:57 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:57 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000140000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:57 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x77, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:57 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:57 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1773.560337][T26196] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1773.568154][T26196] 07:45:57 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000180000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:57 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:57 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 71) 07:45:57 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x79, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:57 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:57 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:57 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x7a, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:57 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000190000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:57 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f000000000000000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:57 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1773.664654][T26228] FAULT_INJECTION: forcing a failure. [ 1773.664654][T26228] name failslab, interval 1, probability 0, space 0, times 0 [ 1773.695171][T26228] CPU: 0 PID: 26228 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1773.706727][T26228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1773.716620][T26228] Call Trace: [ 1773.719742][T26228] [ 1773.722520][T26228] dump_stack_lvl+0x151/0x1b7 [ 1773.727037][T26228] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1773.732502][T26228] ? avc_denied+0x1b0/0x1b0 [ 1773.736842][T26228] dump_stack+0x15/0x17 [ 1773.740834][T26228] should_fail+0x3c6/0x510 [ 1773.745088][T26228] __should_failslab+0xa4/0xe0 [ 1773.749685][T26228] ? vm_area_dup+0x26/0x230 [ 1773.754156][T26228] should_failslab+0x9/0x20 [ 1773.758453][T26228] slab_pre_alloc_hook+0x37/0xd0 [ 1773.763225][T26228] ? vm_area_dup+0x26/0x230 [ 1773.767566][T26228] kmem_cache_alloc+0x44/0x200 [ 1773.772163][T26228] vm_area_dup+0x26/0x230 [ 1773.776333][T26228] copy_mm+0x9a1/0x13e0 [ 1773.780324][T26228] ? copy_signal+0x610/0x610 [ 1773.784746][T26228] ? __init_rwsem+0xd6/0x1c0 [ 1773.789176][T26228] ? copy_signal+0x4e3/0x610 [ 1773.793692][T26228] copy_process+0x1149/0x3290 [ 1773.798202][T26228] ? proc_fail_nth_write+0x20b/0x290 [ 1773.803324][T26228] ? fsnotify_perm+0x6a/0x5d0 [ 1773.807834][T26228] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1773.812783][T26228] ? vfs_write+0x9ec/0x1110 [ 1773.817122][T26228] kernel_clone+0x21e/0x9e0 [ 1773.821460][T26228] ? file_end_write+0x1c0/0x1c0 [ 1773.826237][T26228] ? create_io_thread+0x1e0/0x1e0 [ 1773.831093][T26228] ? mutex_unlock+0xb2/0x260 [ 1773.835520][T26228] ? __mutex_lock_slowpath+0x10/0x10 [ 1773.840641][T26228] __x64_sys_clone+0x23f/0x290 [ 1773.845244][T26228] ? __do_sys_vfork+0x130/0x130 [ 1773.849929][T26228] ? ksys_write+0x260/0x2c0 [ 1773.854270][T26228] ? debug_smp_processor_id+0x17/0x20 [ 1773.859477][T26228] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1773.865384][T26228] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1773.870847][T26228] do_syscall_64+0x3d/0xb0 [ 1773.875102][T26228] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1773.880827][T26228] RIP: 0033:0x7f0ca8db8da9 [ 1773.885083][T26228] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1773.904537][T26228] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 07:45:57 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000001b0000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:57 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x7b, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:57 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:57 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 72) 07:45:57 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="18080000000000000000001c0000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1773.912886][T26228] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1773.920663][T26228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1773.928472][T26228] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1773.936375][T26228] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1773.944186][T26228] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1773.951997][T26228] 07:45:57 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f000000000000000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:57 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x7c, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:57 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000280000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:57 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1774.004666][T26247] FAULT_INJECTION: forcing a failure. [ 1774.004666][T26247] name failslab, interval 1, probability 0, space 0, times 0 [ 1774.041019][T26247] CPU: 1 PID: 26247 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1774.052579][T26247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1774.062472][T26247] Call Trace: [ 1774.065593][T26247] [ 1774.068384][T26247] dump_stack_lvl+0x151/0x1b7 [ 1774.072896][T26247] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1774.078354][T26247] dump_stack+0x15/0x17 [ 1774.082345][T26247] should_fail+0x3c6/0x510 [ 1774.086599][T26247] __should_failslab+0xa4/0xe0 [ 1774.091196][T26247] ? anon_vma_clone+0x9a/0x500 [ 1774.095802][T26247] should_failslab+0x9/0x20 [ 1774.100140][T26247] slab_pre_alloc_hook+0x37/0xd0 [ 1774.104912][T26247] ? anon_vma_clone+0x9a/0x500 [ 1774.109508][T26247] kmem_cache_alloc+0x44/0x200 [ 1774.114112][T26247] anon_vma_clone+0x9a/0x500 [ 1774.118537][T26247] anon_vma_fork+0x91/0x4e0 [ 1774.122876][T26247] ? anon_vma_name+0x43/0x70 [ 1774.127303][T26247] ? vm_area_dup+0x17a/0x230 [ 1774.131731][T26247] copy_mm+0xa3a/0x13e0 [ 1774.135724][T26247] ? copy_signal+0x610/0x610 [ 1774.140151][T26247] ? __init_rwsem+0xd6/0x1c0 [ 1774.144574][T26247] ? copy_signal+0x4e3/0x610 [ 1774.149002][T26247] copy_process+0x1149/0x3290 [ 1774.153517][T26247] ? proc_fail_nth_write+0x20b/0x290 [ 1774.158636][T26247] ? fsnotify_perm+0x6a/0x5d0 [ 1774.163248][T26247] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1774.168182][T26247] ? vfs_write+0x9ec/0x1110 [ 1774.172608][T26247] kernel_clone+0x21e/0x9e0 [ 1774.176949][T26247] ? file_end_write+0x1c0/0x1c0 [ 1774.181633][T26247] ? create_io_thread+0x1e0/0x1e0 [ 1774.186494][T26247] ? mutex_unlock+0xb2/0x260 [ 1774.190951][T26247] ? __mutex_lock_slowpath+0x10/0x10 [ 1774.196238][T26247] __x64_sys_clone+0x23f/0x290 [ 1774.200814][T26247] ? __do_sys_vfork+0x130/0x130 [ 1774.205498][T26247] ? ksys_write+0x260/0x2c0 [ 1774.209853][T26247] ? debug_smp_processor_id+0x17/0x20 [ 1774.215047][T26247] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1774.220950][T26247] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1774.226422][T26247] do_syscall_64+0x3d/0xb0 [ 1774.230672][T26247] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1774.236420][T26247] RIP: 0033:0x7f0ca8db8da9 [ 1774.240742][T26247] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1774.260180][T26247] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1774.268425][T26247] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1774.276237][T26247] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1774.284053][T26247] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1774.291874][T26247] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 07:45:58 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000300000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:58 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x7d, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:58 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:58 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 73) [ 1774.299668][T26247] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1774.307488][T26247] 07:45:58 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000380000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:58 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x7e, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:58 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f000000000000000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) [ 1774.349451][T26268] FAULT_INJECTION: forcing a failure. [ 1774.349451][T26268] name failslab, interval 1, probability 0, space 0, times 0 [ 1774.370822][T26268] CPU: 0 PID: 26268 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1774.382395][T26268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1774.392374][T26268] Call Trace: [ 1774.395486][T26268] [ 1774.398261][T26268] dump_stack_lvl+0x151/0x1b7 [ 1774.402782][T26268] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1774.408241][T26268] dump_stack+0x15/0x17 [ 1774.412231][T26268] should_fail+0x3c6/0x510 [ 1774.416483][T26268] __should_failslab+0xa4/0xe0 [ 1774.421084][T26268] ? anon_vma_clone+0x9a/0x500 [ 1774.425870][T26268] should_failslab+0x9/0x20 [ 1774.430159][T26268] slab_pre_alloc_hook+0x37/0xd0 [ 1774.434929][T26268] ? anon_vma_clone+0x9a/0x500 [ 1774.439527][T26268] kmem_cache_alloc+0x44/0x200 [ 1774.444127][T26268] anon_vma_clone+0x9a/0x500 [ 1774.448553][T26268] anon_vma_fork+0x91/0x4e0 [ 1774.452894][T26268] ? anon_vma_name+0x43/0x70 [ 1774.457317][T26268] ? vm_area_dup+0x17a/0x230 [ 1774.461747][T26268] copy_mm+0xa3a/0x13e0 [ 1774.465740][T26268] ? copy_signal+0x610/0x610 [ 1774.470163][T26268] ? __init_rwsem+0xd6/0x1c0 [ 1774.474591][T26268] ? copy_signal+0x4e3/0x610 [ 1774.479016][T26268] copy_process+0x1149/0x3290 [ 1774.483539][T26268] ? proc_fail_nth_write+0x20b/0x290 [ 1774.488650][T26268] ? fsnotify_perm+0x6a/0x5d0 [ 1774.493165][T26268] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1774.498112][T26268] ? vfs_write+0x9ec/0x1110 [ 1774.502449][T26268] kernel_clone+0x21e/0x9e0 [ 1774.506793][T26268] ? file_end_write+0x1c0/0x1c0 [ 1774.511478][T26268] ? create_io_thread+0x1e0/0x1e0 [ 1774.516336][T26268] ? mutex_unlock+0xb2/0x260 [ 1774.520765][T26268] ? __mutex_lock_slowpath+0x10/0x10 [ 1774.525885][T26268] __x64_sys_clone+0x23f/0x290 [ 1774.530490][T26268] ? __do_sys_vfork+0x130/0x130 [ 1774.535169][T26268] ? ksys_write+0x260/0x2c0 [ 1774.539511][T26268] ? debug_smp_processor_id+0x17/0x20 [ 1774.544720][T26268] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1774.550623][T26268] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1774.556090][T26268] do_syscall_64+0x3d/0xb0 [ 1774.560427][T26268] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1774.566155][T26268] RIP: 0033:0x7f0ca8db8da9 [ 1774.570415][T26268] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1774.589851][T26268] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 07:45:58 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000480000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:58 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:58 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:58 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 74) [ 1774.598094][T26268] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1774.605903][T26268] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1774.613716][T26268] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1774.621529][T26268] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1774.629338][T26268] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1774.637155][T26268] [ 1774.676677][T26283] FAULT_INJECTION: forcing a failure. [ 1774.676677][T26283] name failslab, interval 1, probability 0, space 0, times 0 [ 1774.696539][T26283] CPU: 1 PID: 26283 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1774.708103][T26283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1774.718000][T26283] Call Trace: [ 1774.721119][T26283] [ 1774.723895][T26283] dump_stack_lvl+0x151/0x1b7 [ 1774.728408][T26283] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1774.733875][T26283] dump_stack+0x15/0x17 [ 1774.737864][T26283] should_fail+0x3c6/0x510 [ 1774.742118][T26283] __should_failslab+0xa4/0xe0 [ 1774.746737][T26283] ? anon_vma_clone+0x9a/0x500 [ 1774.751321][T26283] should_failslab+0x9/0x20 [ 1774.755668][T26283] slab_pre_alloc_hook+0x37/0xd0 [ 1774.760433][T26283] ? anon_vma_clone+0x9a/0x500 [ 1774.765030][T26283] kmem_cache_alloc+0x44/0x200 [ 1774.769720][T26283] anon_vma_clone+0x9a/0x500 [ 1774.774144][T26283] anon_vma_fork+0x91/0x4e0 [ 1774.778579][T26283] ? anon_vma_name+0x4c/0x70 [ 1774.783001][T26283] ? vm_area_dup+0x17a/0x230 [ 1774.787441][T26283] copy_mm+0xa3a/0x13e0 [ 1774.791423][T26283] ? copy_signal+0x610/0x610 [ 1774.795847][T26283] ? __init_rwsem+0xd6/0x1c0 [ 1774.800274][T26283] ? copy_signal+0x4e3/0x610 [ 1774.804702][T26283] copy_process+0x1149/0x3290 [ 1774.809217][T26283] ? proc_fail_nth_write+0x20b/0x290 [ 1774.814337][T26283] ? fsnotify_perm+0x6a/0x5d0 [ 1774.818847][T26283] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1774.823796][T26283] ? vfs_write+0x9ec/0x1110 [ 1774.828138][T26283] kernel_clone+0x21e/0x9e0 [ 1774.832473][T26283] ? file_end_write+0x1c0/0x1c0 [ 1774.837160][T26283] ? create_io_thread+0x1e0/0x1e0 [ 1774.842020][T26283] ? mutex_unlock+0xb2/0x260 [ 1774.846449][T26283] ? __mutex_lock_slowpath+0x10/0x10 [ 1774.851567][T26283] __x64_sys_clone+0x23f/0x290 [ 1774.856167][T26283] ? __do_sys_vfork+0x130/0x130 [ 1774.860858][T26283] ? ksys_write+0x260/0x2c0 [ 1774.865199][T26283] ? debug_smp_processor_id+0x17/0x20 [ 1774.870402][T26283] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1774.876306][T26283] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1774.881773][T26283] do_syscall_64+0x3d/0xb0 [ 1774.886025][T26283] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1774.891752][T26283] RIP: 0033:0x7f0ca8db8da9 [ 1774.896007][T26283] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1774.915445][T26283] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 07:45:58 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x25, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:58 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000580000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:58 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d00000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:58 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000600000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:58 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xf4240, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:58 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:58 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000680000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:58 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x48, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:58 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1774.923718][T26283] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1774.931503][T26283] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1774.939317][T26283] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1774.947126][T26283] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1774.954935][T26283] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1774.962753][T26283] 07:45:58 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000700000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:58 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 75) 07:45:58 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:59 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000780000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:59 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:59 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x62, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:59 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1775.042206][T26304] FAULT_INJECTION: forcing a failure. [ 1775.042206][T26304] name failslab, interval 1, probability 0, space 0, times 0 [ 1775.059420][T26304] CPU: 1 PID: 26304 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1775.070982][T26304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1775.080880][T26304] Call Trace: [ 1775.084006][T26304] [ 1775.086784][T26304] dump_stack_lvl+0x151/0x1b7 07:45:59 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:59 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x68, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:59 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x69, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1775.091481][T26304] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1775.096943][T26304] dump_stack+0x15/0x17 [ 1775.100937][T26304] should_fail+0x3c6/0x510 [ 1775.105181][T26304] __should_failslab+0xa4/0xe0 [ 1775.109780][T26304] ? anon_vma_clone+0x9a/0x500 [ 1775.114380][T26304] should_failslab+0x9/0x20 [ 1775.118722][T26304] slab_pre_alloc_hook+0x37/0xd0 [ 1775.123500][T26304] ? anon_vma_clone+0x9a/0x500 [ 1775.128093][T26304] kmem_cache_alloc+0x44/0x200 [ 1775.132699][T26304] anon_vma_clone+0x9a/0x500 [ 1775.137121][T26304] anon_vma_fork+0x91/0x4e0 07:45:59 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x6a, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:59 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1775.141458][T26304] ? anon_vma_name+0x43/0x70 [ 1775.145885][T26304] ? vm_area_dup+0x17a/0x230 [ 1775.150575][T26304] copy_mm+0xa3a/0x13e0 [ 1775.154568][T26304] ? copy_signal+0x610/0x610 [ 1775.158993][T26304] ? __init_rwsem+0xd6/0x1c0 [ 1775.163420][T26304] ? copy_signal+0x4e3/0x610 [ 1775.167843][T26304] copy_process+0x1149/0x3290 [ 1775.172362][T26304] ? proc_fail_nth_write+0x20b/0x290 [ 1775.177477][T26304] ? fsnotify_perm+0x6a/0x5d0 [ 1775.182075][T26304] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1775.187111][T26304] ? vfs_write+0x9ec/0x1110 [ 1775.191457][T26304] kernel_clone+0x21e/0x9e0 [ 1775.195790][T26304] ? file_end_write+0x1c0/0x1c0 [ 1775.200475][T26304] ? create_io_thread+0x1e0/0x1e0 [ 1775.205337][T26304] ? mutex_unlock+0xb2/0x260 [ 1775.209763][T26304] ? __mutex_lock_slowpath+0x10/0x10 [ 1775.214887][T26304] __x64_sys_clone+0x23f/0x290 [ 1775.219482][T26304] ? __do_sys_vfork+0x130/0x130 [ 1775.224175][T26304] ? ksys_write+0x260/0x2c0 [ 1775.228536][T26304] ? debug_smp_processor_id+0x17/0x20 [ 1775.233717][T26304] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1775.239624][T26304] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1775.245088][T26304] do_syscall_64+0x3d/0xb0 [ 1775.249718][T26304] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1775.255443][T26304] RIP: 0033:0x7f0ca8db8da9 [ 1775.259777][T26304] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1775.279281][T26304] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 07:45:59 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000880000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:59 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000980000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:59 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:59 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d00000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:59 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000a80000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1775.287614][T26304] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1775.295428][T26304] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1775.303239][T26304] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1775.311048][T26304] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1775.318859][T26304] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1775.326688][T26304] 07:45:59 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 76) 07:45:59 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:59 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000b80000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:59 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x71, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:59 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x72, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:59 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d00000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:59 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000c80000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1775.421677][T26341] FAULT_INJECTION: forcing a failure. [ 1775.421677][T26341] name failslab, interval 1, probability 0, space 0, times 0 [ 1775.446581][T26341] CPU: 0 PID: 26341 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1775.458142][T26341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1775.468228][T26341] Call Trace: 07:45:59 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000d80000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:59 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x73, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:59 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000e80000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1775.471348][T26341] [ 1775.474125][T26341] dump_stack_lvl+0x151/0x1b7 [ 1775.478772][T26341] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1775.484239][T26341] dump_stack+0x15/0x17 [ 1775.488230][T26341] should_fail+0x3c6/0x510 [ 1775.492486][T26341] __should_failslab+0xa4/0xe0 [ 1775.497081][T26341] ? anon_vma_fork+0x1df/0x4e0 [ 1775.501728][T26341] should_failslab+0x9/0x20 [ 1775.506023][T26341] slab_pre_alloc_hook+0x37/0xd0 [ 1775.510795][T26341] ? anon_vma_fork+0x1df/0x4e0 [ 1775.515395][T26341] kmem_cache_alloc+0x44/0x200 [ 1775.519997][T26341] anon_vma_fork+0x1df/0x4e0 [ 1775.524422][T26341] copy_mm+0xa3a/0x13e0 [ 1775.528410][T26341] ? copy_signal+0x610/0x610 [ 1775.533093][T26341] ? __init_rwsem+0xd6/0x1c0 [ 1775.537521][T26341] ? copy_signal+0x4e3/0x610 [ 1775.541948][T26341] copy_process+0x1149/0x3290 [ 1775.546461][T26341] ? proc_fail_nth_write+0x20b/0x290 [ 1775.551582][T26341] ? fsnotify_perm+0x6a/0x5d0 [ 1775.556095][T26341] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1775.561044][T26341] ? vfs_write+0x9ec/0x1110 [ 1775.565383][T26341] kernel_clone+0x21e/0x9e0 [ 1775.569721][T26341] ? file_end_write+0x1c0/0x1c0 [ 1775.574408][T26341] ? create_io_thread+0x1e0/0x1e0 [ 1775.579271][T26341] ? mutex_unlock+0xb2/0x260 [ 1775.583697][T26341] ? __mutex_lock_slowpath+0x10/0x10 [ 1775.588819][T26341] __x64_sys_clone+0x23f/0x290 [ 1775.593415][T26341] ? __do_sys_vfork+0x130/0x130 [ 1775.598100][T26341] ? ksys_write+0x260/0x2c0 [ 1775.602444][T26341] ? debug_smp_processor_id+0x17/0x20 [ 1775.607648][T26341] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1775.613552][T26341] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1775.619019][T26341] do_syscall_64+0x3d/0xb0 [ 1775.623274][T26341] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1775.628997][T26341] RIP: 0033:0x7f0ca8db8da9 [ 1775.633254][T26341] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1775.652696][T26341] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1775.660939][T26341] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 07:45:59 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:59 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xffffff84, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:59 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000f00000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:59 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000f80000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1775.668752][T26341] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1775.676561][T26341] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1775.684371][T26341] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1775.692183][T26341] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1775.699999][T26341] 07:45:59 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x79, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:59 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xffffff85, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:59 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 77) 07:45:59 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000080100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:59 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:45:59 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d0000008500000008"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:45:59 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xffffff87, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:45:59 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1775.794055][T26375] FAULT_INJECTION: forcing a failure. [ 1775.794055][T26375] name failslab, interval 1, probability 0, space 0, times 0 [ 1775.807331][T26375] CPU: 0 PID: 26375 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1775.818876][T26375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1775.828769][T26375] Call Trace: [ 1775.831891][T26375] [ 1775.834674][T26375] dump_stack_lvl+0x151/0x1b7 [ 1775.839196][T26375] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1775.844667][T26375] dump_stack+0x15/0x17 [ 1775.848643][T26375] should_fail+0x3c6/0x510 [ 1775.852895][T26375] __should_failslab+0xa4/0xe0 [ 1775.857495][T26375] ? anon_vma_fork+0xf7/0x4e0 [ 1775.862007][T26375] should_failslab+0x9/0x20 [ 1775.866355][T26375] slab_pre_alloc_hook+0x37/0xd0 [ 1775.871122][T26375] ? anon_vma_fork+0xf7/0x4e0 [ 1775.875635][T26375] kmem_cache_alloc+0x44/0x200 [ 1775.880236][T26375] anon_vma_fork+0xf7/0x4e0 [ 1775.884573][T26375] ? anon_vma_name+0x43/0x70 [ 1775.888999][T26375] ? vm_area_dup+0x17a/0x230 [ 1775.893428][T26375] copy_mm+0xa3a/0x13e0 [ 1775.897421][T26375] ? copy_signal+0x610/0x610 [ 1775.901847][T26375] ? __init_rwsem+0xd6/0x1c0 [ 1775.906270][T26375] ? copy_signal+0x4e3/0x610 [ 1775.910697][T26375] copy_process+0x1149/0x3290 [ 1775.915213][T26375] ? proc_fail_nth_write+0x20b/0x290 [ 1775.920334][T26375] ? fsnotify_perm+0x6a/0x5d0 [ 1775.924846][T26375] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1775.929793][T26375] ? vfs_write+0x9ec/0x1110 [ 1775.934136][T26375] kernel_clone+0x21e/0x9e0 [ 1775.938471][T26375] ? file_end_write+0x1c0/0x1c0 [ 1775.943159][T26375] ? create_io_thread+0x1e0/0x1e0 [ 1775.948019][T26375] ? mutex_unlock+0xb2/0x260 [ 1775.952445][T26375] ? __mutex_lock_slowpath+0x10/0x10 [ 1775.957565][T26375] __x64_sys_clone+0x23f/0x290 [ 1775.962167][T26375] ? __do_sys_vfork+0x130/0x130 [ 1775.966852][T26375] ? ksys_write+0x260/0x2c0 [ 1775.971194][T26375] ? debug_smp_processor_id+0x17/0x20 [ 1775.976416][T26375] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1775.982300][T26375] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1775.987768][T26375] do_syscall_64+0x3d/0xb0 [ 1775.992022][T26375] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1775.997749][T26375] RIP: 0033:0x7f0ca8db8da9 [ 1776.002004][T26375] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1776.021451][T26375] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1776.029697][T26375] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 07:46:00 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000180100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:46:00 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 78) [ 1776.037498][T26375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1776.045313][T26375] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1776.053128][T26375] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1776.060935][T26375] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1776.068750][T26375] 07:46:00 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x83, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1776.098753][T26385] FAULT_INJECTION: forcing a failure. [ 1776.098753][T26385] name failslab, interval 1, probability 0, space 0, times 0 [ 1776.111696][T26385] CPU: 1 PID: 26385 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1776.123238][T26385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1776.133142][T26385] Call Trace: [ 1776.136251][T26385] [ 1776.139035][T26385] dump_stack_lvl+0x151/0x1b7 [ 1776.143544][T26385] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1776.149015][T26385] dump_stack+0x15/0x17 [ 1776.153004][T26385] should_fail+0x3c6/0x510 [ 1776.157256][T26385] __should_failslab+0xa4/0xe0 [ 1776.161855][T26385] ? anon_vma_fork+0x1df/0x4e0 [ 1776.166454][T26385] should_failslab+0x9/0x20 [ 1776.170799][T26385] slab_pre_alloc_hook+0x37/0xd0 [ 1776.175573][T26385] ? anon_vma_fork+0x1df/0x4e0 [ 1776.180169][T26385] kmem_cache_alloc+0x44/0x200 [ 1776.184772][T26385] anon_vma_fork+0x1df/0x4e0 [ 1776.189197][T26385] copy_mm+0xa3a/0x13e0 [ 1776.193192][T26385] ? copy_signal+0x610/0x610 [ 1776.197615][T26385] ? __init_rwsem+0xd6/0x1c0 [ 1776.202042][T26385] ? copy_signal+0x4e3/0x610 [ 1776.206465][T26385] copy_process+0x1149/0x3290 [ 1776.210983][T26385] ? proc_fail_nth_write+0x20b/0x290 [ 1776.216102][T26385] ? fsnotify_perm+0x6a/0x5d0 [ 1776.221075][T26385] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1776.226090][T26385] ? vfs_write+0x9ec/0x1110 [ 1776.230433][T26385] kernel_clone+0x21e/0x9e0 [ 1776.234770][T26385] ? file_end_write+0x1c0/0x1c0 [ 1776.239456][T26385] ? create_io_thread+0x1e0/0x1e0 [ 1776.244316][T26385] ? mutex_unlock+0xb2/0x260 [ 1776.248745][T26385] ? __mutex_lock_slowpath+0x10/0x10 [ 1776.253866][T26385] __x64_sys_clone+0x23f/0x290 [ 1776.258464][T26385] ? __do_sys_vfork+0x130/0x130 [ 1776.263150][T26385] ? ksys_write+0x260/0x2c0 [ 1776.267492][T26385] ? debug_smp_processor_id+0x17/0x20 [ 1776.272696][T26385] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1776.278601][T26385] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1776.284067][T26385] do_syscall_64+0x3d/0xb0 [ 1776.288321][T26385] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1776.294050][T26385] RIP: 0033:0x7f0ca8db8da9 [ 1776.298301][T26385] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1776.317741][T26385] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1776.325986][T26385] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1776.333797][T26385] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1776.341609][T26385] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 07:46:00 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xffffff94, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:46:00 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000280100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:46:00 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d0000008500000008"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:46:00 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1776.349573][T26385] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1776.357372][T26385] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1776.365192][T26385] [ 1776.369126][T26385] ------------[ cut here ]------------ 07:46:00 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:46:00 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000380100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:46:00 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xffffff95, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:46:00 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1776.390283][T26385] refcount_t: underflow; use-after-free. [ 1776.400629][T26385] WARNING: CPU: 0 PID: 26385 at lib/refcount.c:28 refcount_warn_saturate+0x158/0x1a0 07:46:00 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d0000008500000008"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:46:00 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:46:00 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xffffff97, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:46:00 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x600, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:46:00 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xffffff9c, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1776.437869][T26385] Modules linked in: [ 1776.454648][T26385] CPU: 1 PID: 26385 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1776.467577][T26385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 07:46:00 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:46:00 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x900, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1776.493434][T26385] RIP: 0010:refcount_warn_saturate+0x158/0x1a0 [ 1776.504181][T26385] Code: 04 01 48 c7 c7 40 c8 82 85 e8 e4 9e dc fe 0f 0b eb 8b e8 6b 49 0b ff c6 05 73 8e 9e 04 01 48 c7 c7 a0 c8 82 85 e8 c8 9e dc fe <0f> 0b e9 6c ff ff ff e8 4c 49 0b ff c6 05 55 8e 9e 04 01 48 c7 c7 [ 1776.525395][T26385] RSP: 0018:ffffc90002477968 EFLAGS: 00010246 07:46:00 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xffffff9f, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:46:00 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:46:00 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:46:00 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xffffffa4, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:46:00 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0xb00, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1776.537397][T26385] RAX: bdb89093d205a300 RBX: 0000000000000003 RCX: 0000000000040000 [ 1776.552560][T26385] RDX: ffffc90001bf9000 RSI: 0000000000018aaa RDI: 0000000000018aab [ 1776.562798][T26385] RBP: ffffc90002477978 R08: ffffffff81575f25 R09: ffffed103ee065e8 07:46:00 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0xc00, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:46:00 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xffffffa5, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:46:00 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0xd00, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:46:00 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d00000085000000080000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:46:00 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xffffffa6, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1776.601628][T26385] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1102ac77214 [ 1776.619548][T26385] R13: ffff8881563b90a0 R14: 0000000000000003 R15: ffff88810ea03871 [ 1776.636726][T26385] FS: 00007f0ca7b3a6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 07:46:00 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xffffffa7, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:46:00 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:46:00 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1776.653067][T26385] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1776.665465][T26385] CR2: 00007fc549ecd6c6 CR3: 000000010e6b1000 CR4: 00000000003506a0 [ 1776.680615][T26385] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1776.692356][T26385] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 07:46:00 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xffffffac, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:46:00 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x1100, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1776.712292][T26385] Call Trace: [ 1776.716644][T26385] [ 1776.728900][T26385] ? show_regs+0x58/0x60 [ 1776.735976][T26385] ? __warn+0x160/0x2f0 [ 1776.743166][T26385] ? refcount_warn_saturate+0x158/0x1a0 [ 1776.748841][T26385] ? report_bug+0x3d9/0x5b0 [ 1776.753184][T26385] ? refcount_warn_saturate+0x158/0x1a0 [ 1776.758610][T26385] ? handle_bug+0x41/0x70 [ 1776.762723][T26385] ? exc_invalid_op+0x1b/0x50 [ 1776.767452][T26385] ? asm_exc_invalid_op+0x1b/0x20 [ 1776.772382][T26385] ? __wake_up_klogd+0xd5/0x110 [ 1776.777397][T26385] ? refcount_warn_saturate+0x158/0x1a0 [ 1776.782868][T26385] ? refcount_warn_saturate+0x158/0x1a0 [ 1776.788293][T26385] vm_area_free_no_check+0x123/0x130 [ 1776.793453][T26385] copy_mm+0xefb/0x13e0 [ 1776.797525][T26385] ? copy_signal+0x610/0x610 [ 1776.801866][T26385] ? __init_rwsem+0xd6/0x1c0 [ 1776.806315][T26385] ? copy_signal+0x4e3/0x610 [ 1776.810719][T26385] copy_process+0x1149/0x3290 [ 1776.815232][T26385] ? proc_fail_nth_write+0x20b/0x290 [ 1776.820381][T26385] ? fsnotify_perm+0x6a/0x5d0 [ 1776.824864][T26385] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1776.829840][T26385] ? vfs_write+0x9ec/0x1110 [ 1776.834152][T26385] kernel_clone+0x21e/0x9e0 [ 1776.838513][T26385] ? file_end_write+0x1c0/0x1c0 [ 1776.843176][T26385] ? create_io_thread+0x1e0/0x1e0 [ 1776.848075][T26385] ? mutex_unlock+0xb2/0x260 [ 1776.852462][T26385] ? __mutex_lock_slowpath+0x10/0x10 [ 1776.857610][T26385] __x64_sys_clone+0x23f/0x290 [ 1776.862184][T26385] ? __do_sys_vfork+0x130/0x130 [ 1776.866903][T26385] ? ksys_write+0x260/0x2c0 [ 1776.871215][T26385] ? debug_smp_processor_id+0x17/0x20 [ 1776.876442][T26385] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1776.882319][T26385] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1776.887816][T26385] do_syscall_64+0x3d/0xb0 [ 1776.892038][T26385] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1776.897793][T26385] RIP: 0033:0x7f0ca8db8da9 [ 1776.902019][T26385] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1776.921519][T26385] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1776.929733][T26385] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1776.937559][T26385] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 [ 1776.945328][T26385] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1776.953139][T26385] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 07:46:00 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 79) 07:46:00 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d00000085000000080000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:46:00 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:46:00 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xffffffad, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:46:00 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:46:00 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x1800, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:46:00 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xffffffae, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1776.960979][T26385] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1776.968783][T26385] [ 1776.971647][T26385] ---[ end trace 9a2ef2ab9b837c1b ]--- [ 1777.023168][T26462] FAULT_INJECTION: forcing a failure. [ 1777.023168][T26462] name failslab, interval 1, probability 0, space 0, times 0 [ 1777.036247][T26462] CPU: 0 PID: 26462 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1777.047793][T26462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1777.057694][T26462] Call Trace: [ 1777.060811][T26462] [ 1777.063590][T26462] dump_stack_lvl+0x151/0x1b7 [ 1777.068104][T26462] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1777.073566][T26462] ? avc_denied+0x1b0/0x1b0 [ 1777.077904][T26462] dump_stack+0x15/0x17 [ 1777.081894][T26462] should_fail+0x3c6/0x510 [ 1777.086149][T26462] __should_failslab+0xa4/0xe0 [ 1777.090749][T26462] ? vm_area_dup+0x26/0x230 [ 1777.095089][T26462] should_failslab+0x9/0x20 [ 1777.099429][T26462] slab_pre_alloc_hook+0x37/0xd0 [ 1777.104200][T26462] ? vm_area_dup+0x26/0x230 [ 1777.108539][T26462] kmem_cache_alloc+0x44/0x200 [ 1777.113143][T26462] vm_area_dup+0x26/0x230 [ 1777.117307][T26462] copy_mm+0x9a1/0x13e0 [ 1777.121303][T26462] ? copy_signal+0x610/0x610 [ 1777.125723][T26462] ? __init_rwsem+0xd6/0x1c0 [ 1777.130152][T26462] ? copy_signal+0x4e3/0x610 [ 1777.134578][T26462] copy_process+0x1149/0x3290 [ 1777.139092][T26462] ? proc_fail_nth_write+0x20b/0x290 [ 1777.144211][T26462] ? fsnotify_perm+0x6a/0x5d0 [ 1777.148815][T26462] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1777.153758][T26462] ? vfs_write+0x9ec/0x1110 [ 1777.158190][T26462] kernel_clone+0x21e/0x9e0 [ 1777.162525][T26462] ? file_end_write+0x1c0/0x1c0 [ 1777.167212][T26462] ? create_io_thread+0x1e0/0x1e0 [ 1777.172070][T26462] ? mutex_unlock+0xb2/0x260 [ 1777.176515][T26462] ? __mutex_lock_slowpath+0x10/0x10 [ 1777.181631][T26462] __x64_sys_clone+0x23f/0x290 [ 1777.186218][T26462] ? __do_sys_vfork+0x130/0x130 [ 1777.190904][T26462] ? ksys_write+0x260/0x2c0 [ 1777.195244][T26462] ? debug_smp_processor_id+0x17/0x20 [ 1777.200452][T26462] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1777.206354][T26462] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1777.211821][T26462] do_syscall_64+0x3d/0xb0 [ 1777.216076][T26462] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1777.221804][T26462] RIP: 0033:0x7f0ca8db8da9 [ 1777.226059][T26462] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1777.245597][T26462] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1777.253827][T26462] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1777.261639][T26462] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:46:01 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x1f00, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:46:01 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000001f000000000000f10095"], &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x87, 0x0, 0x5, 0x5, 0x0, 0x100000001, 0x40, 0x9, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7e3c, 0x1e356d7d}, 0x18404, 0x1, 0x5, 0x6, 0x8, 0x3b6, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffe1}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d00000085000000080000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000006b00", @ANYRES32=r3], &(0x7f0000000400)='syzkaller\x00', 0xfff, 0xe3, &(0x7f0000000580)=""/227, 0x0, 0x4, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x6, 0x81, 0x9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r3, r3, r3, r2]}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) 07:46:01 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xffffffaf, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:46:01 executing program 0: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000280), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001080)=ANY=[@ANYBLOB="1808000000000000000000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca90000000000003509010000000000950a000000000000b7020000000000007baaf8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf7400000000000007040000f0ffffff540200000800000018200000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000005000000b7000000000000009500000000000000f64cc9ad86cf49"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 07:46:01 executing program 2: syz_clone(0x38008000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 80) 07:46:01 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1777.269449][T26462] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1777.277260][T26462] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1777.285074][T26462] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1777.292893][T26462] 07:46:01 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x2100, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) 07:46:01 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xffffffb4, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 1777.353520][T26477] general protection fault, probably for non-canonical address 0xdffffc1800000002: 0000 [#1] PREEMPT SMP KASAN [ 1777.365089][T26477] KASAN: probably user-memory-access in range [0x000000c000000010-0x000000c000000017] [ 1777.374469][T26477] CPU: 1 PID: 26477 Comm: syz-executor.2 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 1777.385998][T26477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 1777.395982][T26477] RIP: 0010:__rb_insert_augmented+0x599/0x610 [ 1777.401883][T26477] Code: 49 89 5d 00 48 83 e3 fc 43 80 3c 26 00 74 08 4c 89 ff e8 ea 06 2b ff 4d 89 2f 48 85 db 74 2a 4c 8d 73 10 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 f7 e8 28 06 2b ff 48 8d 43 08 4c 39 7b [ 1777.421322][T26477] RSP: 0018:ffffc90000b778f8 EFLAGS: 00010202 [ 1777.427222][T26477] RAX: 0000001800000002 RBX: 000000c000000000 RCX: 0000000000040000 [ 1777.435041][T26477] RDX: ffffc90001bf9000 RSI: 000000000000b4ad RDI: 000000000000b4ae [ 1777.442846][T26477] RBP: ffffc90000b77960 R08: dffffc0000000000 R09: ffff8881ebefe628 [ 1777.450658][T26477] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 1777.458478][T26477] R13: ffff88810c01ee38 R14: 000000c000000010 R15: ffff88810ea03870 [ 1777.466293][T26477] FS: 00007f0ca7b3a6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 1777.475048][T26477] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1777.481471][T26477] CR2: 00007f0ca7b39ff8 CR3: 0000000157186000 CR4: 00000000003506a0 [ 1777.489283][T26477] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1777.497091][T26477] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1777.504901][T26477] Call Trace: [ 1777.508028][T26477] [ 1777.510950][T26477] ? __die_body+0x62/0xb0 [ 1777.515067][T26477] ? die_addr+0x9f/0xd0 [ 1777.519050][T26477] ? exc_general_protection+0x311/0x4b0 [ 1777.524439][T26477] ? asm_exc_general_protection+0x27/0x30 [ 1777.529987][T26477] ? __rb_insert_augmented+0x599/0x610 [ 1777.535281][T26477] ? __rb_insert_augmented+0x4ad/0x610 [ 1777.541095][T26477] ? anon_vma_interval_tree_iter_next+0x390/0x390 [ 1777.547345][T26477] vma_interval_tree_insert_after+0x2be/0x2d0 [ 1777.553247][T26477] copy_mm+0xba2/0x13e0 [ 1777.557240][T26477] ? copy_signal+0x610/0x610 [ 1777.561663][T26477] ? __init_rwsem+0xd6/0x1c0 [ 1777.566090][T26477] ? copy_signal+0x4e3/0x610 [ 1777.570517][T26477] copy_process+0x1149/0x3290 [ 1777.575033][T26477] ? proc_fail_nth_write+0x20b/0x290 [ 1777.580149][T26477] ? fsnotify_perm+0x6a/0x5d0 [ 1777.584666][T26477] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1777.589614][T26477] ? vfs_write+0x9ec/0x1110 [ 1777.593951][T26477] kernel_clone+0x21e/0x9e0 [ 1777.598291][T26477] ? file_end_write+0x1c0/0x1c0 [ 1777.602977][T26477] ? create_io_thread+0x1e0/0x1e0 [ 1777.607834][T26477] ? mutex_unlock+0xb2/0x260 [ 1777.612261][T26477] ? __mutex_lock_slowpath+0x10/0x10 [ 1777.617386][T26477] __x64_sys_clone+0x23f/0x290 [ 1777.621986][T26477] ? __do_sys_vfork+0x130/0x130 [ 1777.626670][T26477] ? ksys_write+0x260/0x2c0 [ 1777.631013][T26477] ? debug_smp_processor_id+0x17/0x20 [ 1777.636215][T26477] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1777.642118][T26477] ? exit_to_user_mode_prepare+0x39/0xa0 [ 1777.647592][T26477] do_syscall_64+0x3d/0xb0 [ 1777.651840][T26477] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1777.657570][T26477] RIP: 0033:0x7f0ca8db8da9 [ 1777.661822][T26477] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1777.681264][T26477] RSP: 002b:00007f0ca7b3a078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1777.689509][T26477] RAX: ffffffffffffffda RBX: 00007f0ca8ee6f80 RCX: 00007f0ca8db8da9 [ 1777.697319][T26477] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000038008000 07:46:01 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x2, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x2500, 0x0, 0x0, 0x0, 0x0, 0x68000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c, 0x0, 0x8}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000540)=""/241}, 0x80) [ 1777.705128][T26477] RBP: 00007f0ca7b3a120 R08: 0000000000000000 R09: 0000000000000000 [ 1777.712939][T26477] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 1777.720754][T26477] R13: 000000000000000b R14: 00007f0ca8ee6f80 R15: 00007ffeaa65bec8 [ 1777.728567][T26477] [ 1777.731426][T26477] Modules linked in: [ 1777.744055][T26477] ---[ end trace 9a2ef2ab9b837c1c ]--- [ 1777.750091][T26477] RIP: 0010:__rb_insert_augmented+0x599/0x610 [ 1777.756412][T26477] Code: 49 89 5d 00 48 83 e3 fc 43 80 3c 26 00 74 08 4c 89 ff e8 ea 06 2b ff 4d 89 2f 48 85 db 74 2a 4c 8d 73 10 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 f7 e8 28 06 2b ff 48 8d 43 08 4c 39 7b [ 1777.776480][T26477] RSP: 0018:ffffc90000b778f8 EFLAGS: 00010202 [ 1777.782490][T26477] RAX: 0000001800000002 RBX: 000000c000000000 RCX: 0000000000040000 [ 1777.791228][T26477] RDX: ffffc90001bf9000 RSI: 000000000000b4ad RDI: 000000000000b4ae [ 1777.799218][T26477] RBP: ffffc90000b77960 R08: dffffc0000000000 R09: ffff8881ebefe628 [ 1777.807192][T26477] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 1777.815055][T26477] R13: ffff88810c01ee38 R14: 000000c000000010 R15: ffff88810ea03870 [ 1777.822930][T26477] FS: 00007f0ca7b3a6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 1777.831824][T26477] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1777.838371][T26477] CR2: 00005555564a5430 CR3: 0000000157186000 CR4: 00000000003506a0 [ 1777.846226][T26477] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1777.854011][T26477] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1777.861875][T26477] Kernel panic - not syncing: Fatal exception [ 1777.867890][T26477] Kernel Offset: disabled [ 1777.872017][T26477] Rebooting in 86400 seconds..