0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6)

22:39:49 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000600001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:49 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0xb000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:49 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0xc000)

[ 2218.528811][T24778] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2218.536623][T24778] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2218.544429][T24778] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2218.552241][T24778] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[ 2218.560056][T24778] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2218.567873][T24778]  </TASK>
[ 2218.618372][T24792] FAULT_INJECTION: forcing a failure.
[ 2218.618372][T24792] name failslab, interval 1, probability 0, space 0, times 0
[ 2218.638438][T24792] CPU: 0 PID: 24792 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2218.648615][T24792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2218.658511][T24792] Call Trace:
[ 2218.661632][T24792]  <TASK>
22:39:49 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000610001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2218.664412][T24792]  dump_stack_lvl+0x151/0x1b7
[ 2218.669102][T24792]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2218.674570][T24792]  dump_stack+0x15/0x17
[ 2218.678560][T24792]  should_fail+0x3c6/0x510
[ 2218.682989][T24792]  __should_failslab+0xa4/0xe0
[ 2218.687575][T24792]  should_failslab+0x9/0x20
[ 2218.692018][T24792]  slab_pre_alloc_hook+0x37/0xd0
[ 2218.696763][T24792]  __kmalloc+0x6d/0x270
[ 2218.700760][T24792]  ? __vmalloc_node_range+0x2d6/0x8d0
[ 2218.705965][T24792]  __vmalloc_node_range+0x2d6/0x8d0
[ 2218.710995][T24792]  ? dup_task_struct+0x53/0xc60
[ 2218.715694][T24792]  dup_task_struct+0x416/0xc60
[ 2218.720280][T24792]  ? copy_process+0x5c4/0x3290
[ 2218.724882][T24792]  copy_process+0x5c4/0x3290
[ 2218.729309][T24792]  ? timerqueue_add+0x250/0x270
[ 2218.734002][T24792]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2218.738939][T24792]  ? enqueue_hrtimer+0xca/0x240
[ 2218.743628][T24792]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2218.748837][T24792]  kernel_clone+0x21e/0x9e0
[ 2218.753184][T24792]  ? create_io_thread+0x1e0/0x1e0
[ 2218.758037][T24792]  ? clockevents_program_event+0x22f/0x300
[ 2218.763682][T24792]  __x64_sys_clone+0x23f/0x290
[ 2218.768276][T24792]  ? __do_sys_vfork+0x130/0x130
[ 2218.772996][T24792]  ? debug_smp_processor_id+0x17/0x20
[ 2218.778186][T24792]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2218.784075][T24792]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2218.789551][T24792]  do_syscall_64+0x3d/0xb0
[ 2218.793799][T24792]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2218.799439][T24792]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2218.805177][T24792] RIP: 0033:0x7fbee4946da9
[ 2218.809421][T24792] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2218.829024][T24792] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2218.837254][T24792] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2218.845075][T24792] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2218.852876][T24792] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2218.860691][T24792] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
22:39:50 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0xc000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:50 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0xd000)

22:39:50 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000000c0)=[0x0], 0x0, <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:50 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0xd000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:50 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7)

22:39:50 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000620001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2218.868513][T24792] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2218.876318][T24792]  </TASK>
22:39:50 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0xe000)

22:39:50 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0xe000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:50 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0xf000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:50 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x10000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

[ 2218.972714][T24812] FAULT_INJECTION: forcing a failure.
[ 2218.972714][T24812] name failslab, interval 1, probability 0, space 0, times 0
[ 2218.999965][T24812] CPU: 0 PID: 24812 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2219.010233][T24812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2219.020236][T24812] Call Trace:
[ 2219.023357][T24812]  <TASK>
[ 2219.026145][T24812]  dump_stack_lvl+0x151/0x1b7
[ 2219.030640][T24812]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2219.036120][T24812]  dump_stack+0x15/0x17
[ 2219.040104][T24812]  should_fail+0x3c6/0x510
[ 2219.044353][T24812]  __should_failslab+0xa4/0xe0
[ 2219.048958][T24812]  should_failslab+0x9/0x20
[ 2219.053299][T24812]  slab_pre_alloc_hook+0x37/0xd0
[ 2219.058068][T24812]  __kmalloc+0x6d/0x270
[ 2219.062062][T24812]  ? __vmalloc_node_range+0x1b6/0x8d0
[ 2219.067269][T24812]  ? __vmalloc_node_range+0x2d6/0x8d0
[ 2219.072481][T24812]  __vmalloc_node_range+0x2d6/0x8d0
[ 2219.077510][T24812]  ? dup_task_struct+0x53/0xc60
[ 2219.082196][T24812]  ? dup_task_struct+0x53/0xc60
[ 2219.086884][T24812]  dup_task_struct+0x416/0xc60
[ 2219.091569][T24812]  ? copy_process+0x5c4/0x3290
[ 2219.096173][T24812]  copy_process+0x5c4/0x3290
[ 2219.100600][T24812]  ? timerqueue_add+0x250/0x270
[ 2219.105282][T24812]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2219.110233][T24812]  ? enqueue_hrtimer+0xca/0x240
[ 2219.114917][T24812]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2219.120143][T24812]  kernel_clone+0x21e/0x9e0
[ 2219.124466][T24812]  ? create_io_thread+0x1e0/0x1e0
[ 2219.129325][T24812]  ? clockevents_program_event+0x22f/0x300
[ 2219.134972][T24812]  __x64_sys_clone+0x23f/0x290
[ 2219.139568][T24812]  ? __do_sys_vfork+0x130/0x130
[ 2219.144474][T24812]  ? debug_smp_processor_id+0x17/0x20
[ 2219.149680][T24812]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2219.155571][T24812]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2219.161127][T24812]  do_syscall_64+0x3d/0xb0
[ 2219.165392][T24812]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2219.171020][T24812]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2219.176840][T24812] RIP: 0033:0x7fbee4946da9
[ 2219.181086][T24812] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2219.200617][T24812] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2219.208860][T24812] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
22:39:50 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000630001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:50 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0xf000)

22:39:50 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8)

22:39:50 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x11000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

[ 2219.216689][T24812] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2219.224481][T24812] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2219.232339][T24812] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[ 2219.240195][T24812] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2219.248009][T24812]  </TASK>
22:39:50 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000690001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:50 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x11000)

22:39:50 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x12000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

[ 2219.314042][T24827] FAULT_INJECTION: forcing a failure.
[ 2219.314042][T24827] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2219.344226][T24827] CPU: 0 PID: 24827 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2219.354489][T24827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2219.364394][T24827] Call Trace:
[ 2219.367528][T24827]  <TASK>
[ 2219.370412][T24827]  dump_stack_lvl+0x151/0x1b7
[ 2219.374953][T24827]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2219.380562][T24827]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2219.386035][T24827]  ? __wake_up_klogd+0xd5/0x110
[ 2219.390734][T24827]  dump_stack+0x15/0x17
[ 2219.394709][T24827]  should_fail+0x3c6/0x510
[ 2219.398958][T24827]  should_fail_alloc_page+0x5a/0x80
[ 2219.404002][T24827]  prepare_alloc_pages+0x15c/0x700
[ 2219.408940][T24827]  ? __alloc_pages+0x8f0/0x8f0
[ 2219.413536][T24827]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2219.418595][T24827]  __alloc_pages+0x18c/0x8f0
[ 2219.423016][T24827]  ? prep_new_page+0x110/0x110
[ 2219.427612][T24827]  ? __kasan_kmalloc+0x9/0x10
[ 2219.432118][T24827]  ? __kmalloc+0x13a/0x270
[ 2219.436467][T24827]  ? __vmalloc_node_range+0x2d6/0x8d0
[ 2219.441659][T24827]  __vmalloc_node_range+0x482/0x8d0
[ 2219.447305][T24827]  dup_task_struct+0x416/0xc60
[ 2219.451900][T24827]  ? copy_process+0x5c4/0x3290
[ 2219.456498][T24827]  ? __kasan_check_write+0x14/0x20
[ 2219.461448][T24827]  copy_process+0x5c4/0x3290
[ 2219.465891][T24827]  ? timerqueue_add+0x250/0x270
[ 2219.470568][T24827]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2219.475522][T24827]  ? enqueue_hrtimer+0xca/0x240
[ 2219.480284][T24827]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2219.485505][T24827]  kernel_clone+0x21e/0x9e0
[ 2219.489966][T24827]  ? irqentry_exit+0x30/0x40
[ 2219.494339][T24827]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2219.500251][T24827]  ? create_io_thread+0x1e0/0x1e0
[ 2219.505556][T24827]  __x64_sys_clone+0x23f/0x290
[ 2219.510154][T24827]  ? __do_sys_vfork+0x130/0x130
[ 2219.514956][T24827]  ? debug_smp_processor_id+0x17/0x20
[ 2219.520209][T24827]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2219.526069][T24827]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2219.531528][T24827]  do_syscall_64+0x3d/0xb0
[ 2219.535792][T24827]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2219.541420][T24827]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2219.547145][T24827] RIP: 0033:0x7fbee4946da9
[ 2219.551692][T24827] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2219.571213][T24827] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2219.579548][T24827] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2219.587369][T24827] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2219.595309][T24827] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2219.603133][T24827] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
22:39:50 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x12000)

22:39:50 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000000c0)=[0x0], 0x0, <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:50 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x13000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:51 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x14000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:51 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9)

[ 2219.610921][T24827] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2219.618734][T24827]  </TASK>
22:39:51 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="18090000000000000000006a0001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:51 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x13000)

22:39:51 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x15000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

[ 2219.710688][T24847] FAULT_INJECTION: forcing a failure.
[ 2219.710688][T24847] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2219.726109][T24847] CPU: 1 PID: 24847 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2219.736273][T24847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2219.746165][T24847] Call Trace:
[ 2219.749286][T24847]  <TASK>
[ 2219.752065][T24847]  dump_stack_lvl+0x151/0x1b7
[ 2219.756579][T24847]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2219.762046][T24847]  ? __stack_depot_save+0x34/0x470
[ 2219.766995][T24847]  dump_stack+0x15/0x17
[ 2219.771019][T24847]  should_fail+0x3c6/0x510
[ 2219.775352][T24847]  should_fail_alloc_page+0x5a/0x80
[ 2219.780370][T24847]  prepare_alloc_pages+0x15c/0x700
[ 2219.785321][T24847]  ? __alloc_pages+0x8f0/0x8f0
[ 2219.789919][T24847]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2219.794952][T24847]  __alloc_pages+0x18c/0x8f0
[ 2219.799386][T24847]  ? prep_new_page+0x110/0x110
[ 2219.803984][T24847]  ? __kasan_kmalloc+0x9/0x10
[ 2219.808491][T24847]  ? __kmalloc+0x13a/0x270
[ 2219.812948][T24847]  ? __vmalloc_node_range+0x2d6/0x8d0
[ 2219.818132][T24847]  __vmalloc_node_range+0x482/0x8d0
[ 2219.823163][T24847]  dup_task_struct+0x416/0xc60
[ 2219.827760][T24847]  ? copy_process+0x5c4/0x3290
[ 2219.832360][T24847]  copy_process+0x5c4/0x3290
[ 2219.836788][T24847]  ? irqentry_exit+0x30/0x40
[ 2219.841221][T24847]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2219.847406][T24847]  ? vfs_write+0x506/0x1110
[ 2219.851745][T24847]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2219.856699][T24847]  ? vfs_write+0x9ec/0x1110
[ 2219.861031][T24847]  ? irqentry_exit+0x30/0x40
[ 2219.865543][T24847]  kernel_clone+0x21e/0x9e0
[ 2219.869884][T24847]  ? file_end_write+0x1c0/0x1c0
[ 2219.874663][T24847]  ? create_io_thread+0x1e0/0x1e0
[ 2219.879517][T24847]  ? mutex_unlock+0xb2/0x260
[ 2219.883943][T24847]  ? __mutex_lock_slowpath+0x10/0x10
[ 2219.889065][T24847]  __x64_sys_clone+0x23f/0x290
[ 2219.893664][T24847]  ? __do_sys_vfork+0x130/0x130
[ 2219.898349][T24847]  ? ksys_write+0x260/0x2c0
[ 2219.902690][T24847]  ? debug_smp_processor_id+0x17/0x20
[ 2219.907896][T24847]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2219.913810][T24847]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2219.919279][T24847]  do_syscall_64+0x3d/0xb0
[ 2219.923616][T24847]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2219.929425][T24847]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2219.935151][T24847] RIP: 0033:0x7fbee4946da9
[ 2219.939422][T24847] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2219.958930][T24847] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2219.967182][T24847] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2219.974988][T24847] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2219.982897][T24847] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2219.995211][T24847] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[ 2220.003266][T24847] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
22:39:51 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x16000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:51 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="18090000000000000000006b0001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:51 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x17000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:51 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10)

[ 2220.011610][T24847]  </TASK>
22:39:51 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x14000)

22:39:51 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000700001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:51 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x18000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

[ 2220.088465][T24860] FAULT_INJECTION: forcing a failure.
[ 2220.088465][T24860] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2220.105407][T24860] CPU: 0 PID: 24860 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2220.115713][T24860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2220.125588][T24860] Call Trace:
[ 2220.128718][T24860]  <TASK>
[ 2220.131584][T24860]  dump_stack_lvl+0x151/0x1b7
[ 2220.136203][T24860]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2220.141815][T24860]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2220.147282][T24860]  ? __wake_up_klogd+0xd5/0x110
[ 2220.151970][T24860]  dump_stack+0x15/0x17
[ 2220.155959][T24860]  should_fail+0x3c6/0x510
[ 2220.160219][T24860]  should_fail_alloc_page+0x5a/0x80
[ 2220.165247][T24860]  prepare_alloc_pages+0x15c/0x700
[ 2220.170194][T24860]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2220.175231][T24860]  __alloc_pages+0x18c/0x8f0
[ 2220.179655][T24860]  ? prep_new_page+0x110/0x110
[ 2220.184259][T24860]  ? __kasan_kmalloc+0x9/0x10
[ 2220.188767][T24860]  ? __kmalloc+0x13a/0x270
[ 2220.193019][T24860]  ? __vmalloc_node_range+0x2d6/0x8d0
[ 2220.198242][T24860]  __vmalloc_node_range+0x482/0x8d0
[ 2220.203265][T24860]  dup_task_struct+0x416/0xc60
[ 2220.207956][T24860]  ? copy_process+0x5c4/0x3290
[ 2220.212677][T24860]  copy_process+0x5c4/0x3290
[ 2220.217077][T24860]  ? timerqueue_add+0x250/0x270
[ 2220.221775][T24860]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2220.226796][T24860]  ? enqueue_hrtimer+0xca/0x240
[ 2220.231481][T24860]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2220.236689][T24860]  kernel_clone+0x21e/0x9e0
[ 2220.241047][T24860]  ? create_io_thread+0x1e0/0x1e0
[ 2220.245888][T24860]  ? clockevents_program_event+0x22f/0x300
[ 2220.251537][T24860]  __x64_sys_clone+0x23f/0x290
[ 2220.256130][T24860]  ? __do_sys_vfork+0x130/0x130
[ 2220.260821][T24860]  ? syscall_enter_from_user_mode+0x19/0x1b0
[ 2220.266640][T24860]  do_syscall_64+0x3d/0xb0
[ 2220.270904][T24860]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2220.276764][T24860]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2220.282492][T24860] RIP: 0033:0x7fbee4946da9
[ 2220.286748][T24860] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2220.306274][T24860] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2220.314607][T24860] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2220.322698][T24860] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2220.330508][T24860] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
22:39:51 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x15000)

22:39:51 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x19000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:51 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000000c0)=[0x0], 0x0, <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:51 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000710001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2220.338328][T24860] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2220.346127][T24860] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2220.353944][T24860]  </TASK>
22:39:51 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11)

22:39:51 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x1a000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:51 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x16000)

22:39:51 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x1b000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:51 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000720001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:51 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x1c000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

[ 2220.480912][T24883] FAULT_INJECTION: forcing a failure.
[ 2220.480912][T24883] name failslab, interval 1, probability 0, space 0, times 0
[ 2220.509878][T24883] CPU: 0 PID: 24883 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2220.520070][T24883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
22:39:51 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x17000)

[ 2220.530053][T24883] Call Trace:
[ 2220.533166][T24883]  <TASK>
[ 2220.535952][T24883]  dump_stack_lvl+0x151/0x1b7
[ 2220.540455][T24883]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2220.545929][T24883]  dump_stack+0x15/0x17
[ 2220.549919][T24883]  should_fail+0x3c6/0x510
[ 2220.555469][T24883]  __should_failslab+0xa4/0xe0
[ 2220.560063][T24883]  ? copy_signal+0x55/0x610
[ 2220.564406][T24883]  should_failslab+0x9/0x20
[ 2220.568744][T24883]  slab_pre_alloc_hook+0x37/0xd0
[ 2220.573517][T24883]  ? copy_signal+0x55/0x610
[ 2220.577857][T24883]  kmem_cache_alloc+0x44/0x200
[ 2220.582621][T24883]  ? _raw_spin_unlock_irq+0x49/0x70
[ 2220.587666][T24883]  copy_signal+0x55/0x610
[ 2220.591832][T24883]  copy_process+0x1101/0x3290
[ 2220.596347][T24883]  ? timerqueue_add+0x250/0x270
[ 2220.601120][T24883]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2220.606068][T24883]  kernel_clone+0x21e/0x9e0
[ 2220.610408][T24883]  ? create_io_thread+0x1e0/0x1e0
[ 2220.615268][T24883]  __x64_sys_clone+0x23f/0x290
[ 2220.619868][T24883]  ? __do_sys_vfork+0x130/0x130
[ 2220.624728][T24883]  ? debug_smp_processor_id+0x17/0x20
[ 2220.629933][T24883]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2220.635976][T24883]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2220.641439][T24883]  do_syscall_64+0x3d/0xb0
[ 2220.645688][T24883]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2220.651336][T24883]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2220.657069][T24883] RIP: 0033:0x7fbee4946da9
[ 2220.661314][T24883] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
22:39:52 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x1d000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

[ 2220.680956][T24883] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2220.689179][T24883] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2220.697096][T24883] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2220.704906][T24883] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2220.712715][T24883] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2220.720515][T24883] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2220.728334][T24883]  </TASK>
22:39:52 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000730001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:52 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x1e000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:52 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x18000)

22:39:52 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12)

22:39:52 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000000c0)=[0x0], &(0x7f0000000140), <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:52 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x1f000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:52 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000790001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:52 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x20000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:52 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x19000)

22:39:52 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x21000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:52 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="18090000000000000000007a0001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2220.836449][T24906] FAULT_INJECTION: forcing a failure.
[ 2220.836449][T24906] name fail_page_alloc, interval 1, probability 0, space 0, times 0
22:39:52 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x22000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

[ 2220.904357][T24906] CPU: 0 PID: 24906 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2220.914527][T24906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2220.924423][T24906] Call Trace:
[ 2220.927548][T24906]  <TASK>
[ 2220.930332][T24906]  dump_stack_lvl+0x151/0x1b7
[ 2220.934841][T24906]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2220.940310][T24906]  ? __stack_depot_save+0x34/0x470
[ 2220.945277][T24906]  dump_stack+0x15/0x17
[ 2220.949245][T24906]  should_fail+0x3c6/0x510
[ 2220.953501][T24906]  should_fail_alloc_page+0x5a/0x80
[ 2220.958537][T24906]  prepare_alloc_pages+0x15c/0x700
[ 2220.963477][T24906]  ? __alloc_pages+0x8f0/0x8f0
[ 2220.968100][T24906]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2220.973192][T24906]  __alloc_pages+0x18c/0x8f0
[ 2220.977715][T24906]  ? prep_new_page+0x110/0x110
[ 2220.982310][T24906]  ? __kasan_kmalloc+0x9/0x10
[ 2220.986833][T24906]  ? __kmalloc+0x13a/0x270
[ 2220.991080][T24906]  ? __vmalloc_node_range+0x2d6/0x8d0
[ 2220.996366][T24906]  __vmalloc_node_range+0x482/0x8d0
[ 2221.001408][T24906]  dup_task_struct+0x416/0xc60
[ 2221.006087][T24906]  ? copy_process+0x5c4/0x3290
[ 2221.010685][T24906]  ? __kasan_check_write+0x14/0x20
[ 2221.015635][T24906]  copy_process+0x5c4/0x3290
[ 2221.020058][T24906]  ? __kasan_check_write+0x14/0x20
[ 2221.025005][T24906]  ? proc_fail_nth_write+0x20b/0x290
[ 2221.030127][T24906]  ? selinux_file_permission+0x2c4/0x570
[ 2221.035694][T24906]  ? fsnotify_perm+0x6a/0x5d0
[ 2221.040195][T24906]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2221.045142][T24906]  ? irqentry_exit+0x30/0x40
[ 2221.049591][T24906]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2221.055215][T24906]  kernel_clone+0x21e/0x9e0
[ 2221.059550][T24906]  ? ksys_write+0x219/0x2c0
[ 2221.063891][T24906]  ? create_io_thread+0x1e0/0x1e0
[ 2221.068751][T24906]  ? mutex_unlock+0xb2/0x260
[ 2221.073273][T24906]  ? __mutex_lock_slowpath+0x10/0x10
[ 2221.078396][T24906]  __x64_sys_clone+0x23f/0x290
[ 2221.083016][T24906]  ? __do_sys_vfork+0x130/0x130
[ 2221.087831][T24906]  ? ksys_write+0x260/0x2c0
[ 2221.092171][T24906]  ? debug_smp_processor_id+0x17/0x20
[ 2221.097362][T24906]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2221.103265][T24906]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2221.108751][T24906]  do_syscall_64+0x3d/0xb0
[ 2221.113071][T24906]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2221.118714][T24906]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2221.124441][T24906] RIP: 0033:0x7fbee4946da9
[ 2221.128695][T24906] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
22:39:52 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x23000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:52 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="18090000000000000000007b0001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2221.148137][T24906] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2221.156383][T24906] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2221.164193][T24906] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2221.172011][T24906] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2221.179825][T24906] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2221.187654][T24906] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2221.195465][T24906]  </TASK>
22:39:52 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000000c0)=[0x0], &(0x7f0000000140), <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:52 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x1a000)

22:39:52 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13)

22:39:52 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x54ac02a0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

[ 2221.289308][T24936] FAULT_INJECTION: forcing a failure.
[ 2221.289308][T24936] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2221.304573][T24936] CPU: 1 PID: 24936 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2221.314784][T24936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2221.324636][T24936] Call Trace:
[ 2221.327775][T24936]  <TASK>
[ 2221.330796][T24936]  dump_stack_lvl+0x151/0x1b7
[ 2221.335311][T24936]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2221.340777][T24936]  dump_stack+0x15/0x17
[ 2221.344774][T24936]  should_fail+0x3c6/0x510
[ 2221.349024][T24936]  should_fail_alloc_page+0x5a/0x80
[ 2221.354055][T24936]  prepare_alloc_pages+0x15c/0x700
[ 2221.359024][T24936]  ? __alloc_pages+0x8f0/0x8f0
[ 2221.363643][T24936]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2221.368651][T24936]  __alloc_pages+0x18c/0x8f0
[ 2221.373064][T24936]  ? prep_new_page+0x110/0x110
[ 2221.377664][T24936]  __vmalloc_node_range+0x482/0x8d0
[ 2221.382697][T24936]  dup_task_struct+0x416/0xc60
[ 2221.387293][T24936]  ? copy_process+0x5c4/0x3290
[ 2221.391895][T24936]  copy_process+0x5c4/0x3290
[ 2221.396323][T24936]  ? timerqueue_add+0x250/0x270
[ 2221.401005][T24936]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2221.405953][T24936]  ? enqueue_hrtimer+0xca/0x240
[ 2221.410638][T24936]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2221.415847][T24936]  kernel_clone+0x21e/0x9e0
[ 2221.420192][T24936]  ? create_io_thread+0x1e0/0x1e0
[ 2221.425045][T24936]  ? clockevents_program_event+0x22f/0x300
[ 2221.430687][T24936]  __x64_sys_clone+0x23f/0x290
[ 2221.435289][T24936]  ? __do_sys_vfork+0x130/0x130
[ 2221.439981][T24936]  ? debug_smp_processor_id+0x17/0x20
[ 2221.445184][T24936]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2221.451083][T24936]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2221.456555][T24936]  do_syscall_64+0x3d/0xb0
[ 2221.460807][T24936]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2221.466456][T24936]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2221.472174][T24936] RIP: 0033:0x7fbee4946da9
[ 2221.476432][T24936] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2221.495868][T24936] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2221.504129][T24936] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2221.511926][T24936] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2221.519747][T24936] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2221.527546][T24936] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
22:39:52 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0xa002ac54, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:52 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000000c0)=[0x0], &(0x7f0000000140), <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:52 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14)

22:39:52 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x1b000)

22:39:52 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0xa0030000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

[ 2221.535359][T24936] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2221.543175][T24936]  </TASK>
[ 2221.590630][T24948] FAULT_INJECTION: forcing a failure.
[ 2221.590630][T24948] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2221.604622][T24948] CPU: 1 PID: 24948 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2221.614773][T24948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2221.624670][T24948] Call Trace:
[ 2221.627791][T24948]  <TASK>
[ 2221.630570][T24948]  dump_stack_lvl+0x151/0x1b7
[ 2221.635166][T24948]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2221.640641][T24948]  dump_stack+0x15/0x17
[ 2221.644625][T24948]  should_fail+0x3c6/0x510
[ 2221.648877][T24948]  should_fail_alloc_page+0x5a/0x80
[ 2221.653909][T24948]  prepare_alloc_pages+0x15c/0x700
[ 2221.658854][T24948]  ? __alloc_pages+0x8f0/0x8f0
[ 2221.663456][T24948]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2221.668491][T24948]  __alloc_pages+0x18c/0x8f0
[ 2221.672918][T24948]  ? prep_new_page+0x110/0x110
[ 2221.677530][T24948]  ? __kasan_kmalloc+0x9/0x10
[ 2221.682294][T24948]  ? __kmalloc+0x13a/0x270
[ 2221.686546][T24948]  ? __vmalloc_node_range+0x2d6/0x8d0
[ 2221.691752][T24948]  __vmalloc_node_range+0x482/0x8d0
[ 2221.696787][T24948]  dup_task_struct+0x416/0xc60
[ 2221.701386][T24948]  ? copy_process+0x5c4/0x3290
[ 2221.705985][T24948]  ? __kasan_check_write+0x14/0x20
[ 2221.710932][T24948]  copy_process+0x5c4/0x3290
[ 2221.715356][T24948]  ? __kasan_check_write+0x14/0x20
[ 2221.720320][T24948]  ? proc_fail_nth_write+0x20b/0x290
[ 2221.725425][T24948]  ? selinux_file_permission+0x2c4/0x570
[ 2221.730893][T24948]  ? fsnotify_perm+0x6a/0x5d0
[ 2221.735413][T24948]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2221.740354][T24948]  ? vfs_write+0x9ec/0x1110
[ 2221.744698][T24948]  ? irqentry_exit+0x30/0x40
[ 2221.749124][T24948]  kernel_clone+0x21e/0x9e0
[ 2221.753463][T24948]  ? irqentry_exit+0x30/0x40
[ 2221.757892][T24948]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2221.763528][T24948]  ? create_io_thread+0x1e0/0x1e0
[ 2221.768392][T24948]  __x64_sys_clone+0x23f/0x290
[ 2221.772989][T24948]  ? __do_sys_vfork+0x130/0x130
[ 2221.777672][T24948]  ? ksys_write+0x260/0x2c0
[ 2221.782104][T24948]  ? debug_smp_processor_id+0x17/0x20
[ 2221.787311][T24948]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2221.793212][T24948]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2221.798679][T24948]  do_syscall_64+0x3d/0xb0
[ 2221.802932][T24948]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2221.808575][T24948]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2221.814302][T24948] RIP: 0033:0x7fbee4946da9
[ 2221.818558][T24948] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
22:39:52 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000830001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:53 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:53 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:39:53 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x1c000)

[ 2221.838006][T24948] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2221.846248][T24948] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2221.854055][T24948] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2221.861864][T24948] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2221.869675][T24948] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2221.877485][T24948] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2221.885303][T24948]  </TASK>
22:39:53 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3}, 0x48)

22:39:53 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000360101000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:53 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3}, 0x48)

22:39:53 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x0, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:53 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15)

22:39:53 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x48)

22:39:53 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x1d000)

22:39:53 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000d00101000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:53 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3}, 0x48)

[ 2222.004277][T24972] FAULT_INJECTION: forcing a failure.
[ 2222.004277][T24972] name failslab, interval 1, probability 0, space 0, times 0
[ 2222.024848][T24972] CPU: 1 PID: 24972 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2222.035111][T24972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2222.045094][T24972] Call Trace:
[ 2222.048217][T24972]  <TASK>
[ 2222.050993][T24972]  dump_stack_lvl+0x151/0x1b7
[ 2222.055595][T24972]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2222.061060][T24972]  ? __alloc_pages+0x27e/0x8f0
[ 2222.065662][T24972]  dump_stack+0x15/0x17
[ 2222.069653][T24972]  should_fail+0x3c6/0x510
[ 2222.073918][T24972]  __should_failslab+0xa4/0xe0
[ 2222.078521][T24972]  ? vm_area_dup+0x26/0x230
[ 2222.082916][T24972]  should_failslab+0x9/0x20
[ 2222.087187][T24972]  slab_pre_alloc_hook+0x37/0xd0
[ 2222.092047][T24972]  ? vm_area_dup+0x26/0x230
[ 2222.096387][T24972]  kmem_cache_alloc+0x44/0x200
[ 2222.100982][T24972]  vm_area_dup+0x26/0x230
[ 2222.105162][T24972]  copy_mm+0x9a1/0x13e0
[ 2222.109158][T24972]  ? copy_signal+0x610/0x610
[ 2222.113568][T24972]  ? __init_rwsem+0xd6/0x1c0
[ 2222.118003][T24972]  ? copy_signal+0x4e3/0x610
[ 2222.122421][T24972]  copy_process+0x1149/0x3290
[ 2222.127460][T24972]  ? timerqueue_add+0x250/0x270
[ 2222.132140][T24972]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2222.137189][T24972]  ? enqueue_hrtimer+0xca/0x240
[ 2222.141947][T24972]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2222.147153][T24972]  kernel_clone+0x21e/0x9e0
[ 2222.151494][T24972]  ? create_io_thread+0x1e0/0x1e0
[ 2222.156354][T24972]  ? clockevents_program_event+0x22f/0x300
[ 2222.162004][T24972]  __x64_sys_clone+0x23f/0x290
[ 2222.166604][T24972]  ? __do_sys_vfork+0x130/0x130
[ 2222.171284][T24972]  ? debug_smp_processor_id+0x17/0x20
[ 2222.176494][T24972]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2222.182393][T24972]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2222.187859][T24972]  do_syscall_64+0x3d/0xb0
[ 2222.192109][T24972]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2222.197754][T24972]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2222.203480][T24972] RIP: 0033:0x7fbee4946da9
[ 2222.207735][T24972] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2222.227181][T24972] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2222.235512][T24972] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2222.243327][T24972] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
22:39:53 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x0, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:53 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16)

22:39:53 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000301000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:53 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x6, 0x3}, 0x48)

22:39:53 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x1e000)

[ 2222.251218][T24972] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2222.259040][T24972] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2222.266839][T24972] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2222.274743][T24972]  </TASK>
22:39:53 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x7, 0x3}, 0x48)

22:39:53 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x8, 0x3}, 0x48)

22:39:53 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x1f000)

22:39:53 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000990301000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:53 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x9, 0x3}, 0x48)

22:39:53 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x0, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:53 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000d90301000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2222.435364][T24995] FAULT_INJECTION: forcing a failure.
[ 2222.435364][T24995] name failslab, interval 1, probability 0, space 0, times 0
[ 2222.453751][T24995] CPU: 0 PID: 24995 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2222.463917][T24995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2222.473814][T24995] Call Trace:
[ 2222.477020][T24995]  <TASK>
[ 2222.479807][T24995]  dump_stack_lvl+0x151/0x1b7
[ 2222.484397][T24995]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2222.489865][T24995]  ? avc_denied+0x1b0/0x1b0
[ 2222.494206][T24995]  dump_stack+0x15/0x17
[ 2222.498197][T24995]  should_fail+0x3c6/0x510
[ 2222.502451][T24995]  __should_failslab+0xa4/0xe0
[ 2222.507046][T24995]  ? vm_area_dup+0x26/0x230
[ 2222.511398][T24995]  should_failslab+0x9/0x20
[ 2222.515730][T24995]  slab_pre_alloc_hook+0x37/0xd0
[ 2222.520509][T24995]  ? vm_area_dup+0x26/0x230
[ 2222.524842][T24995]  kmem_cache_alloc+0x44/0x200
[ 2222.529440][T24995]  vm_area_dup+0x26/0x230
[ 2222.533606][T24995]  copy_mm+0x9a1/0x13e0
[ 2222.537601][T24995]  ? copy_signal+0x610/0x610
[ 2222.542028][T24995]  ? __init_rwsem+0xd6/0x1c0
[ 2222.546452][T24995]  ? copy_signal+0x4e3/0x610
[ 2222.550878][T24995]  copy_process+0x1149/0x3290
[ 2222.555396][T24995]  ? timerqueue_add+0x250/0x270
[ 2222.560084][T24995]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2222.565039][T24995]  ? enqueue_hrtimer+0xca/0x240
[ 2222.569711][T24995]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2222.574920][T24995]  kernel_clone+0x21e/0x9e0
[ 2222.579259][T24995]  ? irqentry_exit+0x30/0x40
[ 2222.583704][T24995]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2222.589330][T24995]  ? create_io_thread+0x1e0/0x1e0
[ 2222.594201][T24995]  ? __x64_sys_clone+0x7e/0x290
[ 2222.598875][T24995]  __x64_sys_clone+0x23f/0x290
[ 2222.603486][T24995]  ? __do_sys_vfork+0x130/0x130
[ 2222.608175][T24995]  ? debug_smp_processor_id+0x17/0x20
[ 2222.613368][T24995]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2222.619272][T24995]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2222.624829][T24995]  do_syscall_64+0x3d/0xb0
[ 2222.629079][T24995]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2222.634733][T24995]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2222.640454][T24995] RIP: 0033:0x7fbee4946da9
[ 2222.644729][T24995] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2222.664237][T24995] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2222.672475][T24995] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
22:39:54 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x20000)

22:39:54 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xa, 0x3}, 0x48)

22:39:54 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000501000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:54 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xb, 0x3}, 0x48)

22:39:54 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17)

[ 2222.680284][T24995] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2222.688108][T24995] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2222.695911][T24995] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2222.703837][T24995] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2222.711649][T24995]  </TASK>
[ 2222.754546][T25014] FAULT_INJECTION: forcing a failure.
[ 2222.754546][T25014] name failslab, interval 1, probability 0, space 0, times 0
[ 2222.785179][T25014] CPU: 0 PID: 25014 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2222.795344][T25014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2222.805235][T25014] Call Trace:
[ 2222.808358][T25014]  <TASK>
[ 2222.811139][T25014]  dump_stack_lvl+0x151/0x1b7
[ 2222.815648][T25014]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2222.821292][T25014]  dump_stack+0x15/0x17
[ 2222.825282][T25014]  should_fail+0x3c6/0x510
[ 2222.829536][T25014]  __should_failslab+0xa4/0xe0
[ 2222.834133][T25014]  should_failslab+0x9/0x20
[ 2222.838479][T25014]  slab_pre_alloc_hook+0x37/0xd0
[ 2222.844477][T25014]  __kmalloc+0x6d/0x270
[ 2222.848486][T25014]  ? security_prepare_creds+0x4d/0x140
[ 2222.853754][T25014]  security_prepare_creds+0x4d/0x140
[ 2222.858873][T25014]  prepare_creds+0x472/0x6a0
[ 2222.863298][T25014]  copy_creds+0xf0/0x630
[ 2222.867375][T25014]  ? dup_task_struct+0x7e6/0xc60
[ 2222.872151][T25014]  copy_process+0x7c3/0x3290
[ 2222.876578][T25014]  ? __kasan_check_write+0x14/0x20
[ 2222.881610][T25014]  ? proc_fail_nth_write+0x20b/0x290
[ 2222.886729][T25014]  ? selinux_file_permission+0x2c4/0x570
[ 2222.892196][T25014]  ? fsnotify_perm+0x6a/0x5d0
[ 2222.896712][T25014]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2222.901745][T25014]  ? vfs_write+0x9ec/0x1110
[ 2222.906084][T25014]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2222.911295][T25014]  kernel_clone+0x21e/0x9e0
[ 2222.915634][T25014]  ? create_io_thread+0x1e0/0x1e0
[ 2222.920494][T25014]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2222.926484][T25014]  __x64_sys_clone+0x23f/0x290
[ 2222.931099][T25014]  ? __do_sys_vfork+0x130/0x130
[ 2222.935771][T25014]  do_syscall_64+0x3d/0xb0
[ 2222.940023][T25014]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2222.945771][T25014]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2222.951480][T25014] RIP: 0033:0x7fbee4946da9
[ 2222.955732][T25014] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2222.975171][T25014] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2222.983416][T25014] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2222.991228][T25014] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
22:39:54 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xc, 0x3}, 0x48)

22:39:54 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000601000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:54 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18)

[ 2222.999044][T25014] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2223.006849][T25014] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2223.014661][T25014] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2223.022497][T25014]  </TASK>
22:39:54 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x21000)

22:39:54 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xd, 0x3}, 0x48)

22:39:54 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000701000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:54 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xe, 0x3}, 0x48)

22:39:54 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000901000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:54 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:54 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x22000)

[ 2223.126618][T25033] FAULT_INJECTION: forcing a failure.
[ 2223.126618][T25033] name failslab, interval 1, probability 0, space 0, times 0
[ 2223.156097][T25033] CPU: 0 PID: 25033 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2223.166273][T25033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2223.176152][T25033] Call Trace:
[ 2223.179274][T25033]  <TASK>
[ 2223.182053][T25033]  dump_stack_lvl+0x151/0x1b7
[ 2223.186571][T25033]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2223.192032][T25033]  dump_stack+0x15/0x17
[ 2223.197849][T25033]  should_fail+0x3c6/0x510
[ 2223.202102][T25033]  __should_failslab+0xa4/0xe0
[ 2223.206704][T25033]  ? anon_vma_fork+0xf7/0x4e0
[ 2223.211216][T25033]  should_failslab+0x9/0x20
[ 2223.216863][T25033]  slab_pre_alloc_hook+0x37/0xd0
[ 2223.221630][T25033]  ? anon_vma_fork+0xf7/0x4e0
[ 2223.226143][T25033]  kmem_cache_alloc+0x44/0x200
[ 2223.230742][T25033]  anon_vma_fork+0xf7/0x4e0
[ 2223.235081][T25033]  ? anon_vma_name+0x4c/0x70
[ 2223.239507][T25033]  ? vm_area_dup+0x17a/0x230
[ 2223.243937][T25033]  copy_mm+0xa3a/0x13e0
[ 2223.247932][T25033]  ? copy_signal+0x610/0x610
[ 2223.252353][T25033]  ? __init_rwsem+0xd6/0x1c0
[ 2223.256787][T25033]  ? copy_signal+0x4e3/0x610
[ 2223.261468][T25033]  copy_process+0x1149/0x3290
[ 2223.265982][T25033]  ? proc_fail_nth_write+0x20b/0x290
[ 2223.271201][T25033]  ? irqentry_exit+0x30/0x40
[ 2223.275618][T25033]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2223.280572][T25033]  ? kernel_clone+0x7a/0x9e0
[ 2223.284993][T25033]  kernel_clone+0x21e/0x9e0
[ 2223.289339][T25033]  ? file_end_write+0x1c0/0x1c0
[ 2223.294013][T25033]  ? create_io_thread+0x1e0/0x1e0
[ 2223.298883][T25033]  ? mutex_unlock+0xb2/0x260
[ 2223.303301][T25033]  ? __mutex_lock_slowpath+0x10/0x10
[ 2223.308426][T25033]  __x64_sys_clone+0x23f/0x290
[ 2223.313024][T25033]  ? __do_sys_vfork+0x130/0x130
[ 2223.317714][T25033]  do_syscall_64+0x3d/0xb0
[ 2223.321960][T25033]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2223.327603][T25033]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2223.333437][T25033] RIP: 0033:0x7fbee4946da9
[ 2223.337688][T25033] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2223.357131][T25033] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2223.365385][T25033] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
22:39:54 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xf, 0x3}, 0x48)

22:39:54 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x10, 0x3}, 0x48)

22:39:54 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19)

[ 2223.373181][T25033] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2223.380990][T25033] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2223.388812][T25033] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2223.396616][T25033] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2223.404431][T25033]  </TASK>
22:39:54 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x11, 0x3}, 0x48)

22:39:54 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000a01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:54 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x23000)

[ 2223.505927][T25047] FAULT_INJECTION: forcing a failure.
[ 2223.505927][T25047] name failslab, interval 1, probability 0, space 0, times 0
[ 2223.536536][T25047] CPU: 0 PID: 25047 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2223.546700][T25047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2223.556590][T25047] Call Trace:
[ 2223.559715][T25047]  <TASK>
[ 2223.562490][T25047]  dump_stack_lvl+0x151/0x1b7
[ 2223.567003][T25047]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2223.572475][T25047]  ? ida_alloc_range+0x591/0xa80
[ 2223.577246][T25047]  ? xas_nomem+0x19a/0x1d0
[ 2223.581499][T25047]  dump_stack+0x15/0x17
[ 2223.585492][T25047]  should_fail+0x3c6/0x510
[ 2223.589744][T25047]  __should_failslab+0xa4/0xe0
[ 2223.594346][T25047]  should_failslab+0x9/0x20
[ 2223.598685][T25047]  slab_pre_alloc_hook+0x37/0xd0
[ 2223.603456][T25047]  ? setup_userns_sysctls+0x55/0x340
[ 2223.608577][T25047]  __kmalloc_track_caller+0x6c/0x260
[ 2223.613698][T25047]  ? setup_userns_sysctls+0x55/0x340
[ 2223.618822][T25047]  kmemdup+0x24/0x50
[ 2223.622552][T25047]  setup_userns_sysctls+0x55/0x340
[ 2223.627499][T25047]  create_user_ns+0x1230/0x19d0
[ 2223.632203][T25047]  ? utsns_owner+0x40/0x40
[ 2223.636441][T25047]  ? security_prepare_creds+0x102/0x140
[ 2223.641819][T25047]  ? prepare_creds+0x486/0x6a0
[ 2223.646419][T25047]  copy_creds+0x20e/0x630
[ 2223.650585][T25047]  ? dup_task_struct+0x7e6/0xc60
[ 2223.655362][T25047]  copy_process+0x7c3/0x3290
[ 2223.659787][T25047]  ? irqentry_exit+0x30/0x40
[ 2223.664213][T25047]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2223.669161][T25047]  kernel_clone+0x21e/0x9e0
[ 2223.673501][T25047]  ? irqentry_exit+0x30/0x40
[ 2223.677926][T25047]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2223.683568][T25047]  ? create_io_thread+0x1e0/0x1e0
[ 2223.688427][T25047]  ? __x64_sys_clone+0x7e/0x290
[ 2223.693115][T25047]  __x64_sys_clone+0x23f/0x290
[ 2223.697730][T25047]  ? __do_sys_vfork+0x130/0x130
[ 2223.702406][T25047]  ? syscall_enter_from_user_mode+0x19/0x1b0
[ 2223.708215][T25047]  do_syscall_64+0x3d/0xb0
[ 2223.712469][T25047]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2223.718110][T25047]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2223.723839][T25047] RIP: 0033:0x7fbee4946da9
[ 2223.728093][T25047] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2223.747625][T25047] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
22:39:55 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x12, 0x3}, 0x48)

22:39:55 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000c01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:55 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x24000)

22:39:55 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20)

[ 2223.755873][T25047] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2223.763682][T25047] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2223.771494][T25047] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2223.779303][T25047] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2223.787117][T25047] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2223.795104][T25047]  </TASK>
22:39:55 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x13, 0x3}, 0x48)

22:39:55 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x14, 0x3}, 0x48)

22:39:55 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000e01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:55 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2223.876522][T25064] FAULT_INJECTION: forcing a failure.
[ 2223.876522][T25064] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2223.896110][T25064] CPU: 1 PID: 25064 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2223.906276][T25064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2223.916164][T25064] Call Trace:
[ 2223.919289][T25064]  <TASK>
[ 2223.922068][T25064]  dump_stack_lvl+0x151/0x1b7
[ 2223.926583][T25064]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2223.932048][T25064]  dump_stack+0x15/0x17
[ 2223.936038][T25064]  should_fail+0x3c6/0x510
[ 2223.940294][T25064]  should_fail_alloc_page+0x5a/0x80
[ 2223.945327][T25064]  prepare_alloc_pages+0x15c/0x700
[ 2223.950278][T25064]  ? update_stack_state+0x12f/0x460
[ 2223.955312][T25064]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2223.960347][T25064]  __alloc_pages+0x18c/0x8f0
[ 2223.964859][T25064]  ? prep_new_page+0x110/0x110
[ 2223.969454][T25064]  ? copy_page_range+0x6e3/0x2f90
[ 2223.974325][T25064]  ? __pud_alloc+0x6d/0x260
[ 2223.978745][T25064]  get_zeroed_page+0x1b/0x40
[ 2223.983170][T25064]  __pud_alloc+0x8b/0x260
[ 2223.987347][T25064]  ? stack_trace_snprint+0xf0/0xf0
[ 2223.992284][T25064]  ? do_handle_mm_fault+0x2330/0x2330
[ 2223.997490][T25064]  ? __stack_depot_save+0x34/0x470
[ 2224.002521][T25064]  ? anon_vma_clone+0x9a/0x500
[ 2224.007124][T25064]  copy_page_range+0x2bcf/0x2f90
[ 2224.011894][T25064]  ? __kasan_slab_alloc+0xb1/0xe0
[ 2224.016757][T25064]  ? slab_post_alloc_hook+0x53/0x2c0
[ 2224.021891][T25064]  ? copy_mm+0xa3a/0x13e0
[ 2224.026044][T25064]  ? copy_process+0x1149/0x3290
[ 2224.030728][T25064]  ? kernel_clone+0x21e/0x9e0
[ 2224.035274][T25064]  ? __x64_sys_clone+0x23f/0x290
[ 2224.040017][T25064]  ? do_syscall_64+0x3d/0xb0
[ 2224.044444][T25064]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2224.050347][T25064]  ? irqentry_exit+0x30/0x40
[ 2224.054774][T25064]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2224.060761][T25064]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[ 2224.067011][T25064]  ? pfn_valid+0x1e0/0x1e0
[ 2224.071264][T25064]  ? rwsem_write_trylock+0x15b/0x290
[ 2224.076380][T25064]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[ 2224.082633][T25064]  copy_mm+0xc7e/0x13e0
[ 2224.086624][T25064]  ? copy_signal+0x610/0x610
[ 2224.091050][T25064]  ? __init_rwsem+0xd6/0x1c0
[ 2224.095487][T25064]  ? copy_signal+0x4e3/0x610
[ 2224.099914][T25064]  copy_process+0x1149/0x3290
[ 2224.104420][T25064]  ? _raw_spin_unlock+0x4d/0x70
[ 2224.109101][T25064]  ? perf_event_context_sched_in+0x4ea/0x5e0
[ 2224.114918][T25064]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2224.119864][T25064]  ? __perf_event_task_sched_in+0x219/0x2a0
[ 2224.125594][T25064]  kernel_clone+0x21e/0x9e0
[ 2224.129935][T25064]  ? create_io_thread+0x1e0/0x1e0
[ 2224.134792][T25064]  ? finish_task_switch+0x167/0x7b0
[ 2224.139827][T25064]  __x64_sys_clone+0x23f/0x290
[ 2224.144513][T25064]  ? __do_sys_vfork+0x130/0x130
[ 2224.149285][T25064]  ? switch_fpu_return+0x1ed/0x3d0
[ 2224.154234][T25064]  ? __kasan_check_read+0x11/0x20
[ 2224.159094][T25064]  ? exit_to_user_mode_prepare+0x7e/0xa0
[ 2224.164564][T25064]  do_syscall_64+0x3d/0xb0
[ 2224.168817][T25064]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2224.174473][T25064]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2224.180184][T25064] RIP: 0033:0x7fbee4946da9
[ 2224.184441][T25064] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2224.203880][T25064] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2224.212123][T25064] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2224.219935][T25064] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
22:39:55 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x15, 0x3}, 0x48)

22:39:55 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21)

22:39:55 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x25000)

22:39:55 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000f01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:55 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x16, 0x3}, 0x48)

[ 2224.227747][T25064] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2224.235559][T25064] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2224.243372][T25064] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2224.251199][T25064]  </TASK>
22:39:55 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x17, 0x3}, 0x48)

22:39:55 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000001801000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:55 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x18, 0x3}, 0x48)

22:39:55 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000001f01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:55 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x26000)

22:39:55 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x19, 0x3}, 0x48)

22:39:55 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1a, 0x3}, 0x48)

22:39:55 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000002001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:55 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000013601000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:55 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1b, 0x3}, 0x48)

22:39:55 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000003c01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:55 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x27000)

22:39:55 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:55 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1c, 0x3}, 0x48)

[ 2224.444862][T25102] FAULT_INJECTION: forcing a failure.
[ 2224.444862][T25102] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2224.465596][T25102] CPU: 1 PID: 25102 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2224.475768][T25102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2224.485670][T25102] Call Trace:
[ 2224.488779][T25102]  <TASK>
[ 2224.491557][T25102]  dump_stack_lvl+0x151/0x1b7
[ 2224.496074][T25102]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2224.501622][T25102]  dump_stack+0x15/0x17
[ 2224.505624][T25102]  should_fail+0x3c6/0x510
[ 2224.509922][T25102]  should_fail_alloc_page+0x5a/0x80
[ 2224.514904][T25102]  prepare_alloc_pages+0x15c/0x700
[ 2224.519854][T25102]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2224.524886][T25102]  __alloc_pages+0x18c/0x8f0
[ 2224.529316][T25102]  ? prep_new_page+0x110/0x110
[ 2224.533910][T25102]  ? __alloc_pages+0x27e/0x8f0
[ 2224.538513][T25102]  ? __kasan_check_write+0x14/0x20
[ 2224.543459][T25102]  ? _raw_spin_lock+0xa4/0x1b0
[ 2224.548054][T25102]  __pmd_alloc+0xb1/0x550
[ 2224.552227][T25102]  ? __pud_alloc+0x260/0x260
[ 2224.556650][T25102]  ? __pud_alloc+0x213/0x260
[ 2224.561164][T25102]  ? do_handle_mm_fault+0x2330/0x2330
[ 2224.566368][T25102]  ? __stack_depot_save+0x34/0x470
[ 2224.571314][T25102]  ? anon_vma_clone+0x9a/0x500
[ 2224.575916][T25102]  copy_page_range+0x2b3d/0x2f90
[ 2224.580687][T25102]  ? __kasan_slab_alloc+0xb1/0xe0
[ 2224.585544][T25102]  ? slab_post_alloc_hook+0x53/0x2c0
[ 2224.590670][T25102]  ? copy_mm+0xa3a/0x13e0
[ 2224.594833][T25102]  ? copy_process+0x1149/0x3290
[ 2224.599525][T25102]  ? kernel_clone+0x21e/0x9e0
[ 2224.604034][T25102]  ? do_syscall_64+0x3d/0xb0
[ 2224.608459][T25102]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2224.614366][T25102]  ? pfn_valid+0x1e0/0x1e0
[ 2224.618623][T25102]  ? rwsem_write_trylock+0x15b/0x290
[ 2224.623737][T25102]  ? irqentry_exit+0x30/0x40
[ 2224.628161][T25102]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2224.633804][T25102]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2224.639794][T25102]  copy_mm+0xc7e/0x13e0
[ 2224.643789][T25102]  ? copy_signal+0x610/0x610
[ 2224.648212][T25102]  ? __init_rwsem+0xd6/0x1c0
[ 2224.652723][T25102]  ? copy_signal+0x4e3/0x610
[ 2224.657154][T25102]  copy_process+0x1149/0x3290
[ 2224.661677][T25102]  ? proc_fail_nth_write+0x20b/0x290
[ 2224.666793][T25102]  ? vfs_write+0x340/0x1110
[ 2224.671172][T25102]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2224.676074][T25102]  ? vfs_write+0x9ec/0x1110
[ 2224.680409][T25102]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2224.685620][T25102]  kernel_clone+0x21e/0x9e0
[ 2224.689958][T25102]  ? file_end_write+0x1c0/0x1c0
[ 2224.694646][T25102]  ? create_io_thread+0x1e0/0x1e0
[ 2224.699503][T25102]  ? mutex_unlock+0xb2/0x260
[ 2224.703930][T25102]  ? __mutex_lock_slowpath+0x10/0x10
[ 2224.709052][T25102]  __x64_sys_clone+0x23f/0x290
[ 2224.713663][T25102]  ? __do_sys_vfork+0x130/0x130
[ 2224.718341][T25102]  ? debug_smp_processor_id+0x17/0x20
[ 2224.723545][T25102]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2224.729458][T25102]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2224.734922][T25102]  do_syscall_64+0x3d/0xb0
[ 2224.739170][T25102]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2224.744810][T25102]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2224.750553][T25102] RIP: 0033:0x7fbee4946da9
[ 2224.754800][T25102] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2224.775537][T25102] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2224.783778][T25102] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
22:39:56 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1d, 0x3}, 0x48)

22:39:56 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000003f01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:56 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x28000)

22:39:56 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1e, 0x3}, 0x48)

22:39:56 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22)

[ 2224.791593][T25102] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2224.799402][T25102] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2224.807214][T25102] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2224.815027][T25102] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2224.822841][T25102]  </TASK>
22:39:56 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000004001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:56 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x21, 0x3}, 0x48)

22:39:56 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x29000)

22:39:56 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000004b01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:56 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x22, 0x3}, 0x48)

[ 2224.905798][T25123] FAULT_INJECTION: forcing a failure.
[ 2224.905798][T25123] name fail_page_alloc, interval 1, probability 0, space 0, times 0
22:39:56 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x23, 0x3}, 0x48)

[ 2224.975777][T25123] CPU: 1 PID: 25123 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2224.985936][T25123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2224.995832][T25123] Call Trace:
[ 2224.998954][T25123]  <TASK>
[ 2225.001731][T25123]  dump_stack_lvl+0x151/0x1b7
[ 2225.006246][T25123]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2225.011714][T25123]  dump_stack+0x15/0x17
[ 2225.015795][T25123]  should_fail+0x3c6/0x510
[ 2225.020044][T25123]  should_fail_alloc_page+0x5a/0x80
[ 2225.025072][T25123]  prepare_alloc_pages+0x15c/0x700
[ 2225.030025][T25123]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2225.035054][T25123]  __alloc_pages+0x18c/0x8f0
[ 2225.039481][T25123]  ? prep_new_page+0x110/0x110
[ 2225.044082][T25123]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2225.050074][T25123]  pte_alloc_one+0x73/0x1b0
[ 2225.054522][T25123]  ? pfn_modify_allowed+0x2f0/0x2f0
[ 2225.059550][T25123]  ? _raw_spin_unlock+0x37/0x70
[ 2225.064237][T25123]  ? __pmd_alloc+0x48d/0x550
[ 2225.069009][T25123]  __pte_alloc+0x86/0x350
[ 2225.073174][T25123]  ? __pud_alloc+0x260/0x260
[ 2225.077617][T25123]  ? __pud_alloc+0x213/0x260
[ 2225.082116][T25123]  ? free_pgtables+0x280/0x280
[ 2225.086714][T25123]  ? do_handle_mm_fault+0x2330/0x2330
[ 2225.092168][T25123]  ? __stack_depot_save+0x34/0x470
[ 2225.097108][T25123]  copy_page_range+0x28a8/0x2f90
[ 2225.101879][T25123]  ? __kasan_slab_alloc+0xb1/0xe0
[ 2225.106736][T25123]  ? slab_post_alloc_hook+0x53/0x2c0
[ 2225.111861][T25123]  ? kernel_clone+0x21e/0x9e0
[ 2225.116382][T25123]  ? do_syscall_64+0x3d/0xb0
[ 2225.120810][T25123]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2225.127228][T25123]  ? pfn_valid+0x1e0/0x1e0
[ 2225.131474][T25123]  ? rwsem_write_trylock+0x15b/0x290
[ 2225.136604][T25123]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[ 2225.142888][T25123]  copy_mm+0xc7e/0x13e0
[ 2225.146925][T25123]  ? copy_signal+0x610/0x610
[ 2225.151353][T25123]  ? __init_rwsem+0xd6/0x1c0
[ 2225.155778][T25123]  ? copy_signal+0x4e3/0x610
[ 2225.160211][T25123]  copy_process+0x1149/0x3290
[ 2225.164721][T25123]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2225.169684][T25123]  ? kasan_check_range+0xc/0x2a0
[ 2225.174446][T25123]  kernel_clone+0x21e/0x9e0
[ 2225.178780][T25123]  ? file_end_write+0x1c0/0x1c0
[ 2225.183465][T25123]  ? create_io_thread+0x1e0/0x1e0
[ 2225.188321][T25123]  ? mutex_unlock+0xb2/0x260
[ 2225.192750][T25123]  ? __mutex_lock_slowpath+0x10/0x10
[ 2225.197870][T25123]  __x64_sys_clone+0x23f/0x290
[ 2225.202472][T25123]  ? __do_sys_vfork+0x130/0x130
[ 2225.207172][T25123]  ? ksys_write+0x260/0x2c0
[ 2225.211505][T25123]  ? debug_smp_processor_id+0x17/0x20
[ 2225.216704][T25123]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2225.222609][T25123]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2225.228077][T25123]  do_syscall_64+0x3d/0xb0
[ 2225.232423][T25123]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2225.238056][T25123]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2225.243871][T25123] RIP: 0033:0x7fbee4946da9
[ 2225.248134][T25123] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2225.267652][T25123] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
22:39:56 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}], 0x10, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:56 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000006001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:56 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23)

22:39:56 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x300, 0x3}, 0x48)

22:39:56 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x2a000)

[ 2225.275982][T25123] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2225.283797][T25123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2225.291613][T25123] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2225.299423][T25123] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2225.307236][T25123] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2225.315191][T25123]  </TASK>
22:39:56 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000006101000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:56 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3a0, 0x3}, 0x48)

22:39:56 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x500, 0x3}, 0x48)

[ 2225.385341][T25141] FAULT_INJECTION: forcing a failure.
[ 2225.385341][T25141] name failslab, interval 1, probability 0, space 0, times 0
[ 2225.407303][T25141] CPU: 1 PID: 25141 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2225.417473][T25141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2225.427368][T25141] Call Trace:
[ 2225.430494][T25141]  <TASK>
[ 2225.433260][T25141]  dump_stack_lvl+0x151/0x1b7
[ 2225.437777][T25141]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2225.443330][T25141]  dump_stack+0x15/0x17
[ 2225.447319][T25141]  should_fail+0x3c6/0x510
[ 2225.451574][T25141]  __should_failslab+0xa4/0xe0
[ 2225.456174][T25141]  ? vm_area_dup+0x26/0x230
[ 2225.460514][T25141]  should_failslab+0x9/0x20
[ 2225.464854][T25141]  slab_pre_alloc_hook+0x37/0xd0
[ 2225.469629][T25141]  ? vm_area_dup+0x26/0x230
[ 2225.473967][T25141]  kmem_cache_alloc+0x44/0x200
[ 2225.478742][T25141]  vm_area_dup+0x26/0x230
[ 2225.482908][T25141]  copy_mm+0x9a1/0x13e0
[ 2225.486901][T25141]  ? copy_signal+0x610/0x610
[ 2225.491336][T25141]  ? __init_rwsem+0xd6/0x1c0
[ 2225.495751][T25141]  ? copy_signal+0x4e3/0x610
[ 2225.500210][T25141]  copy_process+0x1149/0x3290
[ 2225.504694][T25141]  ? irqentry_exit+0x30/0x40
[ 2225.509466][T25141]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2225.514420][T25141]  ? kernel_clone+0xcd/0x9e0
[ 2225.518847][T25141]  kernel_clone+0x21e/0x9e0
[ 2225.523181][T25141]  ? create_io_thread+0x1e0/0x1e0
[ 2225.528079][T25141]  ? clockevents_program_event+0x22f/0x300
[ 2225.533685][T25141]  __x64_sys_clone+0x23f/0x290
[ 2225.538281][T25141]  ? __do_sys_vfork+0x130/0x130
[ 2225.542968][T25141]  ? debug_smp_processor_id+0x17/0x20
[ 2225.548264][T25141]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2225.554162][T25141]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2225.559630][T25141]  do_syscall_64+0x3d/0xb0
[ 2225.563884][T25141]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2225.569526][T25141]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2225.575254][T25141] RIP: 0033:0x7fbee4946da9
[ 2225.579511][T25141] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2225.599041][T25141] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2225.607279][T25141] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2225.615091][T25141] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2225.622901][T25141] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
22:39:57 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x600, 0x3}, 0x48)

22:39:57 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000006201000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:57 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24)

22:39:57 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x700, 0x3}, 0x48)

[ 2225.630718][T25141] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2225.638523][T25141] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2225.646432][T25141]  </TASK>
22:39:57 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000006301000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:57 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x900, 0x3}, 0x48)

22:39:57 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x2b000)

22:39:57 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xa00, 0x3}, 0x48)

[ 2225.723721][T25163] FAULT_INJECTION: forcing a failure.
[ 2225.723721][T25163] name failslab, interval 1, probability 0, space 0, times 0
[ 2225.756222][T25163] CPU: 1 PID: 25163 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2225.766389][T25163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2225.776271][T25163] Call Trace:
[ 2225.779393][T25163]  <TASK>
[ 2225.782187][T25163]  dump_stack_lvl+0x151/0x1b7
[ 2225.786687][T25163]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2225.792164][T25163]  dump_stack+0x15/0x17
[ 2225.796168][T25163]  should_fail+0x3c6/0x510
[ 2225.800400][T25163]  __should_failslab+0xa4/0xe0
[ 2225.804997][T25163]  ? copy_sighand+0x54/0x250
[ 2225.809424][T25163]  should_failslab+0x9/0x20
[ 2225.813763][T25163]  slab_pre_alloc_hook+0x37/0xd0
[ 2225.818539][T25163]  ? copy_sighand+0x54/0x250
[ 2225.822963][T25163]  kmem_cache_alloc+0x44/0x200
[ 2225.827564][T25163]  copy_sighand+0x54/0x250
[ 2225.831817][T25163]  copy_process+0x10d6/0x3290
[ 2225.836418][T25163]  ? timerqueue_add+0x250/0x270
[ 2225.841103][T25163]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2225.846053][T25163]  ? enqueue_hrtimer+0xca/0x240
[ 2225.850735][T25163]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2225.855949][T25163]  kernel_clone+0x21e/0x9e0
[ 2225.860285][T25163]  ? create_io_thread+0x1e0/0x1e0
[ 2225.865146][T25163]  ? clockevents_program_event+0x22f/0x300
[ 2225.870788][T25163]  __x64_sys_clone+0x23f/0x290
[ 2225.875387][T25163]  ? __do_sys_vfork+0x130/0x130
[ 2225.880076][T25163]  ? debug_smp_processor_id+0x17/0x20
[ 2225.885281][T25163]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2225.891185][T25163]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2225.896653][T25163]  do_syscall_64+0x3d/0xb0
[ 2225.900904][T25163]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2225.906545][T25163]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2225.912272][T25163] RIP: 0033:0x7fbee4946da9
[ 2225.916528][T25163] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2225.936065][T25163] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2225.944299][T25163] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2225.952113][T25163] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2225.959930][T25163] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
22:39:57 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25)

22:39:57 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xb00, 0x3}, 0x48)

22:39:57 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x2c000)

22:39:57 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}], 0x10, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:57 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000006901000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:57 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xc00, 0x3}, 0x48)

[ 2225.967743][T25163] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2225.975545][T25163] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2225.983359][T25163]  </TASK>
22:39:57 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xd00, 0x3}, 0x48)

[ 2226.041352][T25178] FAULT_INJECTION: forcing a failure.
[ 2226.041352][T25178] name failslab, interval 1, probability 0, space 0, times 0
[ 2226.075351][T25178] CPU: 0 PID: 25178 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2226.085518][T25178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2226.095407][T25178] Call Trace:
[ 2226.098530][T25178]  <TASK>
[ 2226.101307][T25178]  dump_stack_lvl+0x151/0x1b7
[ 2226.105819][T25178]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2226.111462][T25178]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2226.116929][T25178]  ? __wake_up_klogd+0xd5/0x110
[ 2226.121616][T25178]  dump_stack+0x15/0x17
[ 2226.125609][T25178]  should_fail+0x3c6/0x510
[ 2226.129869][T25178]  __should_failslab+0xa4/0xe0
[ 2226.134464][T25178]  ? copy_signal+0x55/0x610
[ 2226.138800][T25178]  should_failslab+0x9/0x20
[ 2226.143149][T25178]  slab_pre_alloc_hook+0x37/0xd0
[ 2226.147913][T25178]  ? copy_signal+0x55/0x610
[ 2226.152252][T25178]  kmem_cache_alloc+0x44/0x200
[ 2226.156853][T25178]  ? _raw_spin_unlock_irq+0x49/0x70
[ 2226.161887][T25178]  copy_signal+0x55/0x610
[ 2226.166052][T25178]  copy_process+0x1101/0x3290
[ 2226.170567][T25178]  ? timerqueue_add+0x250/0x270
[ 2226.175253][T25178]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2226.180288][T25178]  ? enqueue_hrtimer+0xca/0x240
[ 2226.184975][T25178]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2226.190184][T25178]  kernel_clone+0x21e/0x9e0
[ 2226.194520][T25178]  ? create_io_thread+0x1e0/0x1e0
[ 2226.199383][T25178]  ? clockevents_program_event+0x22f/0x300
[ 2226.205025][T25178]  __x64_sys_clone+0x23f/0x290
[ 2226.209624][T25178]  ? __do_sys_vfork+0x130/0x130
[ 2226.214323][T25178]  do_syscall_64+0x3d/0xb0
[ 2226.218561][T25178]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2226.224203][T25178]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2226.229930][T25178] RIP: 0033:0x7fbee4946da9
[ 2226.234190][T25178] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2226.253631][T25178] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2226.261873][T25178] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2226.269778][T25178] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2226.277690][T25178] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
22:39:57 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xe00, 0x3}, 0x48)

22:39:57 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xf00, 0x3}, 0x48)

22:39:57 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26)

22:39:57 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x2d000)

[ 2226.285479][T25178] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2226.293384][T25178] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2226.301204][T25178]  </TASK>
22:39:57 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1100, 0x3}, 0x48)

22:39:57 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000006a01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2226.385410][T25195] FAULT_INJECTION: forcing a failure.
[ 2226.385410][T25195] name failslab, interval 1, probability 0, space 0, times 0
[ 2226.405066][T25195] CPU: 1 PID: 25195 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2226.415244][T25195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2226.425131][T25195] Call Trace:
[ 2226.428246][T25195]  <TASK>
[ 2226.431025][T25195]  dump_stack_lvl+0x151/0x1b7
[ 2226.435544][T25195]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2226.441001][T25195]  dump_stack+0x15/0x17
[ 2226.444995][T25195]  should_fail+0x3c6/0x510
[ 2226.449344][T25195]  __should_failslab+0xa4/0xe0
[ 2226.453933][T25195]  ? anon_vma_clone+0x9a/0x500
[ 2226.458533][T25195]  should_failslab+0x9/0x20
[ 2226.462886][T25195]  slab_pre_alloc_hook+0x37/0xd0
[ 2226.467660][T25195]  ? anon_vma_clone+0x9a/0x500
[ 2226.472250][T25195]  kmem_cache_alloc+0x44/0x200
[ 2226.476858][T25195]  anon_vma_clone+0x9a/0x500
[ 2226.481282][T25195]  anon_vma_fork+0x91/0x4e0
[ 2226.485615][T25195]  ? anon_vma_name+0x4c/0x70
[ 2226.490140][T25195]  ? vm_area_dup+0x17a/0x230
[ 2226.494564][T25195]  copy_mm+0xa3a/0x13e0
[ 2226.498637][T25195]  ? copy_signal+0x610/0x610
[ 2226.503059][T25195]  ? __init_rwsem+0xd6/0x1c0
[ 2226.507572][T25195]  ? copy_signal+0x4e3/0x610
[ 2226.512008][T25195]  copy_process+0x1149/0x3290
[ 2226.516516][T25195]  ? cgroup_rstat_updated+0xe5/0x370
[ 2226.521634][T25195]  ? put_prev_entity+0x460/0x460
[ 2226.526421][T25195]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2226.531353][T25195]  ? pick_next_task_fair+0x965/0xbc0
[ 2226.536482][T25195]  kernel_clone+0x21e/0x9e0
[ 2226.540812][T25195]  ? __kasan_check_write+0x14/0x20
[ 2226.545770][T25195]  ? _raw_spin_lock+0xa4/0x1b0
[ 2226.550375][T25195]  ? create_io_thread+0x1e0/0x1e0
[ 2226.555222][T25195]  __x64_sys_clone+0x23f/0x290
[ 2226.559820][T25195]  ? __do_sys_vfork+0x130/0x130
[ 2226.564507][T25195]  ? switch_fpu_return+0x1ed/0x3d0
[ 2226.569457][T25195]  ? __kasan_check_read+0x11/0x20
[ 2226.574421][T25195]  ? exit_to_user_mode_prepare+0x7e/0xa0
[ 2226.579890][T25195]  do_syscall_64+0x3d/0xb0
[ 2226.584135][T25195]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2226.589775][T25195]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2226.595506][T25195] RIP: 0033:0x7fbee4946da9
[ 2226.599771][T25195] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2226.619201][T25195] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2226.627615][T25195] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
22:39:58 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}], 0x10, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1200, 0x3}, 0x48)

22:39:58 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x2e000)

22:39:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1300, 0x3}, 0x48)

[ 2226.635423][T25195] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2226.643233][T25195] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2226.651046][T25195] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2226.658851][T25195] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2226.666786][T25195]  </TASK>
22:39:58 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000006b01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1400, 0x3}, 0x48)

22:39:58 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000007001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:58 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x2f000)

22:39:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1500, 0x3}, 0x48)

22:39:58 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000007101000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1600, 0x3}, 0x48)

22:39:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1700, 0x3}, 0x48)

22:39:58 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000007201000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:58 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x30000)

22:39:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1800, 0x3}, 0x48)

22:39:58 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000007301000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1900, 0x3}, 0x48)

22:39:58 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x31000)

22:39:58 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000007901000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1a00, 0x3}, 0x48)

22:39:58 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000007a01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1b00, 0x3}, 0x48)

22:39:58 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}], 0x10, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:58 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27)

22:39:58 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000007b01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2227.037248][T25256] FAULT_INJECTION: forcing a failure.
[ 2227.037248][T25256] name failslab, interval 1, probability 0, space 0, times 0
[ 2227.052318][T25256] CPU: 1 PID: 25256 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2227.062474][T25256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2227.072363][T25256] Call Trace:
[ 2227.075486][T25256]  <TASK>
[ 2227.078266][T25256]  dump_stack_lvl+0x151/0x1b7
[ 2227.082778][T25256]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2227.088340][T25256]  dump_stack+0x15/0x17
[ 2227.092324][T25256]  should_fail+0x3c6/0x510
[ 2227.096590][T25256]  __should_failslab+0xa4/0xe0
[ 2227.101269][T25256]  should_failslab+0x9/0x20
[ 2227.105621][T25256]  slab_pre_alloc_hook+0x37/0xd0
[ 2227.110380][T25256]  kmem_cache_alloc_trace+0x48/0x210
[ 2227.115500][T25256]  ? mm_init+0x39a/0x970
[ 2227.119578][T25256]  mm_init+0x39a/0x970
[ 2227.123486][T25256]  copy_mm+0x1e3/0x13e0
[ 2227.127476][T25256]  ? _raw_spin_lock+0xa4/0x1b0
[ 2227.132075][T25256]  ? copy_signal+0x610/0x610
[ 2227.136507][T25256]  ? __kasan_check_write+0x14/0x20
[ 2227.141449][T25256]  ? __init_rwsem+0xd6/0x1c0
[ 2227.145875][T25256]  ? copy_signal+0x4e3/0x610
[ 2227.150304][T25256]  copy_process+0x1149/0x3290
[ 2227.154921][T25256]  ? proc_fail_nth_write+0x20b/0x290
[ 2227.160024][T25256]  ? irqentry_exit+0x30/0x40
[ 2227.164452][T25256]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2227.169556][T25256]  ? kernel_clone+0xcd/0x9e0
[ 2227.173985][T25256]  ? kernel_clone+0x136/0x9e0
[ 2227.178536][T25256]  kernel_clone+0x21e/0x9e0
[ 2227.182834][T25256]  ? create_io_thread+0x1e0/0x1e0
[ 2227.187691][T25256]  ? mutex_unlock+0xb2/0x260
[ 2227.192127][T25256]  ? __mutex_lock_slowpath+0x10/0x10
[ 2227.197238][T25256]  __x64_sys_clone+0x23f/0x290
[ 2227.201840][T25256]  ? __do_sys_vfork+0x130/0x130
[ 2227.206537][T25256]  ? ksys_write+0x260/0x2c0
[ 2227.210872][T25256]  ? debug_smp_processor_id+0x17/0x20
[ 2227.216072][T25256]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2227.221976][T25256]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2227.227569][T25256]  do_syscall_64+0x3d/0xb0
[ 2227.231818][T25256]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2227.237475][T25256]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2227.243194][T25256] RIP: 0033:0x7fbee4946da9
[ 2227.247458][T25256] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2227.266886][T25256] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2227.275150][T25256] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
22:39:58 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000008301000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:58 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x32000)

22:39:58 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28)

22:39:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1c00, 0x3}, 0x48)

[ 2227.283120][T25256] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2227.290929][T25256] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2227.298745][T25256] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2227.306639][T25256] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2227.314536][T25256]  </TASK>
22:39:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1d00, 0x3}, 0x48)

22:39:58 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000039901000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1e00, 0x3}, 0x48)

22:39:58 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x33000)

[ 2227.403212][T25267] FAULT_INJECTION: forcing a failure.
[ 2227.403212][T25267] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2227.441289][T25267] CPU: 0 PID: 25267 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
22:39:58 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000001d001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1f00, 0x3}, 0x48)

22:39:58 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}], 0x10, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2227.451450][T25267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2227.461354][T25267] Call Trace:
[ 2227.464471][T25267]  <TASK>
[ 2227.467253][T25267]  dump_stack_lvl+0x151/0x1b7
[ 2227.471850][T25267]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2227.477319][T25267]  dump_stack+0x15/0x17
[ 2227.481314][T25267]  should_fail+0x3c6/0x510
[ 2227.485563][T25267]  should_fail_alloc_page+0x5a/0x80
[ 2227.490593][T25267]  prepare_alloc_pages+0x15c/0x700
[ 2227.495545][T25267]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2227.500573][T25267]  ? kasan_check_range+0x48/0x2a0
[ 2227.505450][T25267]  __alloc_pages+0x18c/0x8f0
[ 2227.509865][T25267]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2227.515509][T25267]  ? prep_new_page+0x110/0x110
[ 2227.520104][T25267]  ? kasan_check_range+0x90/0x2a0
[ 2227.524966][T25267]  __get_free_pages+0x10/0x30
[ 2227.529484][T25267]  pgd_alloc+0x21/0x2c0
[ 2227.533470][T25267]  mm_init+0x5c7/0x970
[ 2227.537375][T25267]  copy_mm+0x1e3/0x13e0
[ 2227.541455][T25267]  ? irqentry_exit+0x30/0x40
[ 2227.545883][T25267]  ? sysvec_apic_timer_interrupt+0x55/0xc0
22:39:58 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x34000)

[ 2227.551525][T25267]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2227.557517][T25267]  ? posix_cputimers_group_init+0x9f/0x110
[ 2227.563152][T25267]  ? posix_cputimers_group_init+0xe6/0x110
[ 2227.568797][T25267]  ? copy_signal+0x610/0x610
[ 2227.573217][T25267]  ? __kasan_check_write+0x14/0x20
[ 2227.578165][T25267]  ? __init_rwsem+0xd6/0x1c0
[ 2227.582596][T25267]  ? copy_signal+0x4e3/0x610
[ 2227.587021][T25267]  copy_process+0x1149/0x3290
[ 2227.591539][T25267]  ? timerqueue_add+0x250/0x270
[ 2227.596222][T25267]  ? pidfd_show_fdinfo+0x2b0/0x2b0
22:39:58 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}], 0x10, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2227.601167][T25267]  ? enqueue_hrtimer+0xca/0x240
[ 2227.605853][T25267]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2227.611066][T25267]  kernel_clone+0x21e/0x9e0
[ 2227.615404][T25267]  ? create_io_thread+0x1e0/0x1e0
[ 2227.620263][T25267]  ? clockevents_program_event+0x22f/0x300
[ 2227.625932][T25267]  __x64_sys_clone+0x23f/0x290
[ 2227.630507][T25267]  ? __do_sys_vfork+0x130/0x130
[ 2227.635197][T25267]  ? syscall_enter_from_user_mode+0x19/0x1b0
[ 2227.641010][T25267]  do_syscall_64+0x3d/0xb0
[ 2227.645256][T25267]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2227.650902][T25267]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2227.656630][T25267] RIP: 0033:0x7fbee4946da9
[ 2227.660879][T25267] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2227.680410][T25267] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2227.688656][T25267] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2227.696472][T25267] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
22:39:59 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}], 0x10, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2000, 0x3}, 0x48)

22:39:59 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000003d901000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2100, 0x3}, 0x48)

[ 2227.704277][T25267] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2227.712086][T25267] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2227.719902][T25267] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2227.727803][T25267]  </TASK>
22:39:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2200, 0x3}, 0x48)

22:39:59 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29)

22:39:59 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000000ff01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:59 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x35000)

22:39:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2300, 0x3}, 0x48)

22:39:59 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000004000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:59 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000000030018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2227.861427][T25302] FAULT_INJECTION: forcing a failure.
[ 2227.861427][T25302] name failslab, interval 1, probability 0, space 0, times 0
[ 2227.883223][T25302] CPU: 0 PID: 25302 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2227.893393][T25302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2227.903288][T25302] Call Trace:
[ 2227.906406][T25302]  <TASK>
[ 2227.909186][T25302]  dump_stack_lvl+0x151/0x1b7
[ 2227.913697][T25302]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2227.919685][T25302]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2227.925254][T25302]  ? __wake_up_klogd+0xd5/0x110
[ 2227.929939][T25302]  ? dump_stack+0x9/0x17
[ 2227.934022][T25302]  dump_stack+0x15/0x17
[ 2227.938015][T25302]  should_fail+0x3c6/0x510
[ 2227.942294][T25302]  __should_failslab+0xa4/0xe0
[ 2227.947039][T25302]  ? anon_vma_clone+0x9a/0x500
[ 2227.951639][T25302]  should_failslab+0x9/0x20
[ 2227.955978][T25302]  slab_pre_alloc_hook+0x37/0xd0
[ 2227.960753][T25302]  ? anon_vma_clone+0x9a/0x500
[ 2227.965351][T25302]  kmem_cache_alloc+0x44/0x200
[ 2227.969953][T25302]  anon_vma_clone+0x9a/0x500
[ 2227.974380][T25302]  anon_vma_fork+0x91/0x4e0
[ 2227.978718][T25302]  ? anon_vma_name+0x4c/0x70
[ 2227.983146][T25302]  ? vm_area_dup+0x17a/0x230
[ 2227.987570][T25302]  copy_mm+0xa3a/0x13e0
[ 2227.991562][T25302]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2227.997209][T25302]  ? copy_signal+0x610/0x610
[ 2228.001628][T25302]  ? __init_rwsem+0xd6/0x1c0
[ 2228.006317][T25302]  ? copy_signal+0x4e3/0x610
[ 2228.010746][T25302]  copy_process+0x1149/0x3290
[ 2228.015264][T25302]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2228.020206][T25302]  kernel_clone+0x21e/0x9e0
[ 2228.024546][T25302]  ? create_io_thread+0x1e0/0x1e0
[ 2228.029406][T25302]  ? clockevents_program_event+0x22f/0x300
[ 2228.035134][T25302]  __x64_sys_clone+0x23f/0x290
[ 2228.039734][T25302]  ? __do_sys_vfork+0x130/0x130
[ 2228.044423][T25302]  ? debug_smp_processor_id+0x17/0x20
[ 2228.049628][T25302]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2228.055617][T25302]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2228.061085][T25302]  do_syscall_64+0x3d/0xb0
[ 2228.065355][T25302]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2228.070987][T25302]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2228.076706][T25302] RIP: 0033:0x7fbee4946da9
[ 2228.080978][T25302] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2228.100410][T25302] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
22:39:59 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000000070018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1000000, 0x3}, 0x48)

22:39:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2000000, 0x3}, 0x48)

22:39:59 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x36000)

[ 2228.108646][T25302] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2228.116458][T25302] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2228.124266][T25302] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2228.132180][T25302] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2228.139993][T25302] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2228.147818][T25302]  </TASK>
22:39:59 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}], 0x10, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:59 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000000090018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3000000, 0x3}, 0x48)

22:39:59 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="18090000000000000000000000000a0018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4000000, 0x3}, 0x48)

22:39:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5000000, 0x3}, 0x48)

22:39:59 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000200000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x6000000, 0x3}, 0x48)

22:39:59 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x37000)

22:39:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x7000000, 0x3}, 0x48)

22:39:59 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000300000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x8000000, 0x3}, 0x48)

22:39:59 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000400000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:59 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000700000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:59 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x38000)

22:39:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x9000000, 0x3}, 0x48)

22:39:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xa000000, 0x3}, 0x48)

22:39:59 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000800000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xb000000, 0x3}, 0x48)

22:39:59 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x39000)

22:39:59 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30)

22:39:59 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000900000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:59 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000a00000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:39:59 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}], 0x10, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:39:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xc000000, 0x3}, 0x48)

22:39:59 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000201000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2228.589355][T25366] FAULT_INJECTION: forcing a failure.
[ 2228.589355][T25366] name failslab, interval 1, probability 0, space 0, times 0
[ 2228.615069][T25366] CPU: 0 PID: 25366 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2228.625254][T25366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2228.635139][T25366] Call Trace:
[ 2228.638260][T25366]  <TASK>
[ 2228.641041][T25366]  dump_stack_lvl+0x151/0x1b7
[ 2228.645549][T25366]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2228.651112][T25366]  ? avc_denied+0x1b0/0x1b0
[ 2228.655448][T25366]  dump_stack+0x15/0x17
[ 2228.659438][T25366]  should_fail+0x3c6/0x510
[ 2228.663688][T25366]  __should_failslab+0xa4/0xe0
[ 2228.668284][T25366]  ? vm_area_dup+0x26/0x230
[ 2228.672623][T25366]  should_failslab+0x9/0x20
[ 2228.676963][T25366]  slab_pre_alloc_hook+0x37/0xd0
[ 2228.681908][T25366]  ? vm_area_dup+0x26/0x230
[ 2228.686246][T25366]  kmem_cache_alloc+0x44/0x200
[ 2228.690871][T25366]  vm_area_dup+0x26/0x230
[ 2228.695014][T25366]  copy_mm+0x9a1/0x13e0
[ 2228.699013][T25366]  ? copy_signal+0x610/0x610
[ 2228.703432][T25366]  ? __init_rwsem+0xd6/0x1c0
[ 2228.707858][T25366]  ? copy_signal+0x4e3/0x610
[ 2228.712283][T25366]  copy_process+0x1149/0x3290
[ 2228.716805][T25366]  ? timerqueue_add+0x250/0x270
[ 2228.721484][T25366]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2228.726432][T25366]  ? enqueue_hrtimer+0xca/0x240
[ 2228.731134][T25366]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2228.736326][T25366]  kernel_clone+0x21e/0x9e0
[ 2228.740668][T25366]  ? create_io_thread+0x1e0/0x1e0
[ 2228.745528][T25366]  ? clockevents_program_event+0x22f/0x300
[ 2228.751171][T25366]  __x64_sys_clone+0x23f/0x290
[ 2228.755770][T25366]  ? __do_sys_vfork+0x130/0x130
[ 2228.760484][T25366]  do_syscall_64+0x3d/0xb0
[ 2228.764708][T25366]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2228.770353][T25366]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2228.776087][T25366] RIP: 0033:0x7fbee4946da9
[ 2228.780428][T25366] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2228.799871][T25366] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2228.808112][T25366] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2228.815925][T25366] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2228.823755][T25366] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2228.831661][T25366] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
22:40:00 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x3a000)

22:40:00 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xd000000, 0x3}, 0x48)

22:40:00 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31)

22:40:00 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000301000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:00 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xe000000, 0x3}, 0x48)

[ 2228.839448][T25366] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2228.847260][T25366]  </TASK>
22:40:00 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x3b000)

22:40:00 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:00 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000401000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2228.920665][T25388] FAULT_INJECTION: forcing a failure.
[ 2228.920665][T25388] name failslab, interval 1, probability 0, space 0, times 0
[ 2228.940707][T25388] CPU: 1 PID: 25388 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2228.950890][T25388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2228.960859][T25388] Call Trace:
[ 2228.963979][T25388]  <TASK>
[ 2228.966758][T25388]  dump_stack_lvl+0x151/0x1b7
[ 2228.971276][T25388]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2228.976736][T25388]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2228.982382][T25388]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2228.988457][T25388]  dump_stack+0x15/0x17
[ 2228.992445][T25388]  should_fail+0x3c6/0x510
[ 2228.996699][T25388]  __should_failslab+0xa4/0xe0
[ 2229.001299][T25388]  ? anon_vma_clone+0x9a/0x500
[ 2229.005898][T25388]  should_failslab+0x9/0x20
[ 2229.010419][T25388]  slab_pre_alloc_hook+0x37/0xd0
[ 2229.015186][T25388]  ? anon_vma_clone+0x9a/0x500
[ 2229.019787][T25388]  kmem_cache_alloc+0x44/0x200
[ 2229.024473][T25388]  anon_vma_clone+0x9a/0x500
[ 2229.028899][T25388]  anon_vma_fork+0x91/0x4e0
[ 2229.033238][T25388]  ? anon_vma_name+0x4c/0x70
[ 2229.037677][T25388]  ? vm_area_dup+0x17a/0x230
[ 2229.042095][T25388]  copy_mm+0xa3a/0x13e0
[ 2229.046086][T25388]  ? irqentry_exit+0x30/0x40
[ 2229.050513][T25388]  ? copy_signal+0x610/0x610
[ 2229.054935][T25388]  ? __init_rwsem+0xd6/0x1c0
[ 2229.059362][T25388]  ? copy_signal+0x4e3/0x610
[ 2229.063788][T25388]  copy_process+0x1149/0x3290
[ 2229.068305][T25388]  ? irqentry_exit+0x30/0x40
[ 2229.072728][T25388]  ? irqentry_exit+0x30/0x40
[ 2229.077155][T25388]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2229.082104][T25388]  ? kernel_clone+0xcd/0x9e0
[ 2229.086528][T25388]  ? kernel_clone+0x136/0x9e0
[ 2229.091063][T25388]  kernel_clone+0x21e/0x9e0
[ 2229.095402][T25388]  ? file_end_write+0x1c0/0x1c0
[ 2229.100156][T25388]  ? create_io_thread+0x1e0/0x1e0
[ 2229.105039][T25388]  ? mutex_unlock+0xb2/0x260
[ 2229.109614][T25388]  ? __mutex_lock_slowpath+0x10/0x10
[ 2229.115041][T25388]  __x64_sys_clone+0x23f/0x290
[ 2229.119631][T25388]  ? __do_sys_vfork+0x130/0x130
[ 2229.124309][T25388]  ? ksys_write+0x260/0x2c0
[ 2229.128649][T25388]  ? debug_smp_processor_id+0x17/0x20
[ 2229.133853][T25388]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2229.139768][T25388]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2229.145434][T25388]  do_syscall_64+0x3d/0xb0
[ 2229.149671][T25388]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2229.155488][T25388]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2229.161294][T25388] RIP: 0033:0x7fbee4946da9
[ 2229.165543][T25388] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2229.184987][T25388] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2229.193226][T25388] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2229.201038][T25388] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2229.208850][T25388] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
22:40:00 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xf000000, 0x3}, 0x48)

22:40:00 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000501000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:00 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x10000000, 0x3}, 0x48)

[ 2229.216665][T25388] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2229.224473][T25388] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2229.232299][T25388]  </TASK>
22:40:00 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x3c000)

22:40:00 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x11000000, 0x3}, 0x48)

22:40:00 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000601000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:00 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x12000000, 0x3}, 0x48)

22:40:00 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x13000000, 0x3}, 0x48)

22:40:00 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x14000000, 0x3}, 0x48)

22:40:00 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000701000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:00 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x15000000, 0x3}, 0x48)

22:40:00 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x3d000)

22:40:00 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000801000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:00 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x16000000, 0x3}, 0x48)

22:40:00 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x17000000, 0x3}, 0x48)

22:40:00 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000901000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:00 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000a01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:00 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x3e000)

22:40:00 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x18000000, 0x3}, 0x48)

22:40:00 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000c01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:00 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000e01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:00 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x19000000, 0x3}, 0x48)

22:40:00 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x3f000)

22:40:00 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000f01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:00 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000001001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:00 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1a000000, 0x3}, 0x48)

22:40:00 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:01 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32)

22:40:01 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1b000000, 0x3}, 0x48)

22:40:01 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000001801000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:01 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40000)

22:40:01 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1c000000, 0x3}, 0x48)

22:40:01 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000003c01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2229.751589][T25463] FAULT_INJECTION: forcing a failure.
[ 2229.751589][T25463] name failslab, interval 1, probability 0, space 0, times 0
[ 2229.769683][T25463] CPU: 0 PID: 25463 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2229.779861][T25463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2229.789748][T25463] Call Trace:
[ 2229.792873][T25463]  <TASK>
[ 2229.795647][T25463]  dump_stack_lvl+0x151/0x1b7
22:40:01 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1d000000, 0x3}, 0x48)

22:40:01 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40002)

[ 2229.800175][T25463]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2229.805811][T25463]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2229.811363][T25463]  ? __wake_up_klogd+0xd5/0x110
[ 2229.816050][T25463]  dump_stack+0x15/0x17
[ 2229.820043][T25463]  should_fail+0x3c6/0x510
[ 2229.824302][T25463]  __should_failslab+0xa4/0xe0
[ 2229.828892][T25463]  ? anon_vma_fork+0xf7/0x4e0
[ 2229.833407][T25463]  should_failslab+0x9/0x20
[ 2229.837747][T25463]  slab_pre_alloc_hook+0x37/0xd0
[ 2229.842528][T25463]  ? anon_vma_fork+0xf7/0x4e0
[ 2229.847029][T25463]  kmem_cache_alloc+0x44/0x200
[ 2229.851656][T25463]  anon_vma_fork+0xf7/0x4e0
[ 2229.856055][T25463]  ? anon_vma_name+0x4c/0x70
[ 2229.860490][T25463]  ? vm_area_dup+0x17a/0x230
[ 2229.864907][T25463]  copy_mm+0xa3a/0x13e0
[ 2229.868909][T25463]  ? copy_signal+0x610/0x610
[ 2229.873328][T25463]  ? __init_rwsem+0xd6/0x1c0
[ 2229.877750][T25463]  ? copy_signal+0x4e3/0x610
[ 2229.882177][T25463]  copy_process+0x1149/0x3290
[ 2229.886701][T25463]  ? _raw_spin_unlock+0x4d/0x70
[ 2229.891384][T25463]  ? perf_event_context_sched_in+0x4ea/0x5e0
[ 2229.897195][T25463]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2229.902139][T25463]  ? __perf_event_task_sched_in+0x219/0x2a0
[ 2229.908129][T25463]  kernel_clone+0x21e/0x9e0
[ 2229.912466][T25463]  ? create_io_thread+0x1e0/0x1e0
[ 2229.917329][T25463]  ? finish_task_switch+0x167/0x7b0
[ 2229.922364][T25463]  __x64_sys_clone+0x23f/0x290
[ 2229.926964][T25463]  ? __do_sys_vfork+0x130/0x130
[ 2229.931647][T25463]  ? switch_fpu_return+0x1ed/0x3d0
[ 2229.936596][T25463]  ? __kasan_check_read+0x11/0x20
[ 2229.941455][T25463]  ? exit_to_user_mode_prepare+0x7e/0xa0
[ 2229.946925][T25463]  do_syscall_64+0x3d/0xb0
[ 2229.951175][T25463]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2229.956817][T25463]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2229.962545][T25463] RIP: 0033:0x7fbee4946da9
[ 2229.966802][T25463] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2229.986253][T25463] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2229.994486][T25463] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
22:40:01 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1e000000, 0x3}, 0x48)

22:40:01 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000004b01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:01 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40003)

22:40:01 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1f000000, 0x3}, 0x48)

22:40:01 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33)

[ 2230.002295][T25463] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2230.010108][T25463] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2230.017921][T25463] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2230.025739][T25463] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2230.033718][T25463]  </TASK>
22:40:01 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000006001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:01 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x20000000, 0x3}, 0x48)

22:40:01 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000006101000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:01 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x21000000, 0x3}, 0x48)

22:40:01 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40004)

[ 2230.129042][T25483] FAULT_INJECTION: forcing a failure.
[ 2230.129042][T25483] name failslab, interval 1, probability 0, space 0, times 0
[ 2230.160597][T25483] CPU: 1 PID: 25483 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2230.170856][T25483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2230.180743][T25483] Call Trace:
[ 2230.183883][T25483]  <TASK>
[ 2230.186657][T25483]  dump_stack_lvl+0x151/0x1b7
[ 2230.191155][T25483]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2230.196626][T25483]  dump_stack+0x15/0x17
[ 2230.200620][T25483]  should_fail+0x3c6/0x510
[ 2230.205130][T25483]  __should_failslab+0xa4/0xe0
[ 2230.209730][T25483]  ? anon_vma_fork+0x1df/0x4e0
[ 2230.214332][T25483]  should_failslab+0x9/0x20
[ 2230.218677][T25483]  slab_pre_alloc_hook+0x37/0xd0
[ 2230.223442][T25483]  ? anon_vma_fork+0x1df/0x4e0
[ 2230.228057][T25483]  kmem_cache_alloc+0x44/0x200
[ 2230.232743][T25483]  anon_vma_fork+0x1df/0x4e0
[ 2230.237157][T25483]  copy_mm+0xa3a/0x13e0
[ 2230.241167][T25483]  ? copy_signal+0x610/0x610
[ 2230.245578][T25483]  ? __init_rwsem+0xd6/0x1c0
[ 2230.250002][T25483]  ? copy_signal+0x4e3/0x610
[ 2230.254427][T25483]  copy_process+0x1149/0x3290
[ 2230.258946][T25483]  ? proc_fail_nth_write+0x20b/0x290
[ 2230.264148][T25483]  ? fsnotify_perm+0x6a/0x5d0
[ 2230.268665][T25483]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2230.273607][T25483]  ? vfs_write+0x9ec/0x1110
[ 2230.277982][T25483]  kernel_clone+0x21e/0x9e0
[ 2230.282293][T25483]  ? irqentry_exit+0x30/0x40
[ 2230.286713][T25483]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2230.292355][T25483]  ? create_io_thread+0x1e0/0x1e0
[ 2230.297218][T25483]  __x64_sys_clone+0x23f/0x290
[ 2230.301823][T25483]  ? __do_sys_vfork+0x130/0x130
[ 2230.306502][T25483]  ? ksys_write+0x260/0x2c0
[ 2230.310846][T25483]  ? debug_smp_processor_id+0x17/0x20
[ 2230.316061][T25483]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2230.321951][T25483]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2230.327420][T25483]  do_syscall_64+0x3d/0xb0
[ 2230.331673][T25483]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2230.337319][T25483]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2230.343052][T25483] RIP: 0033:0x7fbee4946da9
[ 2230.347302][T25483] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2230.366738][T25483] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
22:40:01 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x22000000, 0x3}, 0x48)

22:40:01 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:01 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34)

22:40:01 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000006201000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2230.374981][T25483] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2230.382793][T25483] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2230.390619][T25483] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2230.398418][T25483] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2230.406237][T25483] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2230.414046][T25483]  </TASK>
22:40:01 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x23000000, 0x3}, 0x48)

22:40:01 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x54ac02a0, 0x3}, 0x48)

[ 2230.501462][T25501] FAULT_INJECTION: forcing a failure.
[ 2230.501462][T25501] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2230.519746][T25501] CPU: 0 PID: 25501 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2230.530442][T25501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2230.540333][T25501] Call Trace:
[ 2230.543452][T25501]  <TASK>
[ 2230.546231][T25501]  dump_stack_lvl+0x151/0x1b7
[ 2230.550742][T25501]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2230.556733][T25501]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2230.562200][T25501]  ? __wake_up_klogd+0xd5/0x110
[ 2230.566885][T25501]  ? dump_stack+0x9/0x17
[ 2230.570967][T25501]  dump_stack+0x15/0x17
[ 2230.574960][T25501]  should_fail+0x3c6/0x510
[ 2230.579211][T25501]  should_fail_alloc_page+0x5a/0x80
[ 2230.584247][T25501]  prepare_alloc_pages+0x15c/0x700
[ 2230.589196][T25501]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2230.594321][T25501]  __alloc_pages+0x18c/0x8f0
[ 2230.598748][T25501]  ? irqentry_exit+0x30/0x40
[ 2230.603178][T25501]  ? prep_new_page+0x110/0x110
[ 2230.607854][T25501]  ? _raw_spin_lock+0xc0/0x1b0
[ 2230.612453][T25501]  __pmd_alloc+0xb1/0x550
[ 2230.616619][T25501]  ? __pud_alloc+0x260/0x260
[ 2230.621047][T25501]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2230.627037][T25501]  copy_page_range+0x2b3d/0x2f90
[ 2230.631806][T25501]  ? __kasan_slab_alloc+0xb1/0xe0
[ 2230.636665][T25501]  ? slab_post_alloc_hook+0x53/0x2c0
[ 2230.641793][T25501]  ? copy_mm+0xa3a/0x13e0
[ 2230.645954][T25501]  ? copy_process+0x1149/0x3290
[ 2230.650640][T25501]  ? kernel_clone+0x21e/0x9e0
[ 2230.655165][T25501]  ? do_syscall_64+0x3d/0xb0
[ 2230.659582][T25501]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2230.665487][T25501]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2230.671128][T25501]  ? pfn_valid+0x1e0/0x1e0
[ 2230.675378][T25501]  ? irqentry_exit+0x30/0x40
[ 2230.679803][T25501]  ? irqentry_exit+0x30/0x40
[ 2230.684257][T25501]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2230.689873][T25501]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2230.695863][T25501]  copy_mm+0xc7e/0x13e0
[ 2230.699857][T25501]  ? copy_signal+0x610/0x610
[ 2230.704277][T25501]  ? __init_rwsem+0xd6/0x1c0
[ 2230.708705][T25501]  ? copy_signal+0x4e3/0x610
[ 2230.713133][T25501]  copy_process+0x1149/0x3290
[ 2230.717649][T25501]  ? timerqueue_add+0x250/0x270
[ 2230.722337][T25501]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2230.727280][T25501]  ? enqueue_hrtimer+0xca/0x240
[ 2230.731963][T25501]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2230.737187][T25501]  kernel_clone+0x21e/0x9e0
[ 2230.741524][T25501]  ? create_io_thread+0x1e0/0x1e0
[ 2230.746378][T25501]  ? clockevents_program_event+0x22f/0x300
[ 2230.753613][T25501]  __x64_sys_clone+0x23f/0x290
[ 2230.758207][T25501]  ? __do_sys_vfork+0x130/0x130
[ 2230.763028][T25501]  ? debug_smp_processor_id+0x17/0x20
[ 2230.768244][T25501]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2230.774275][T25501]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2230.779872][T25501]  do_syscall_64+0x3d/0xb0
[ 2230.784145][T25501]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2230.789753][T25501]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2230.795472][T25501] RIP: 0033:0x7fbee4946da9
[ 2230.799730][T25501] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2230.819265][T25501] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2230.827597][T25501] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2230.835399][T25501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2230.843217][T25501] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
22:40:02 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40005)

22:40:02 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xa002ac54, 0x3}, 0x48)

[ 2230.851017][T25501] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2230.858832][T25501] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2230.866652][T25501]  </TASK>
22:40:02 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000006301000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:02 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35)

22:40:02 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xa0030000, 0x3}, 0x48)

22:40:02 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xffffffff, 0x3}, 0x48)

22:40:02 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40006)

22:40:02 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:02 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000006901000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2230.967693][T25515] FAULT_INJECTION: forcing a failure.
[ 2230.967693][T25515] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2230.990976][T25515] CPU: 0 PID: 25515 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2231.001143][T25515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2231.011036][T25515] Call Trace:
[ 2231.014157][T25515]  <TASK>
[ 2231.016937][T25515]  dump_stack_lvl+0x151/0x1b7
[ 2231.021533][T25515]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2231.027530][T25515]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2231.032994][T25515]  ? __wake_up_klogd+0xd5/0x110
[ 2231.037687][T25515]  ? dump_stack+0x9/0x17
[ 2231.041760][T25515]  dump_stack+0x15/0x17
[ 2231.045763][T25515]  should_fail+0x3c6/0x510
[ 2231.050006][T25515]  should_fail_alloc_page+0x5a/0x80
[ 2231.055136][T25515]  prepare_alloc_pages+0x15c/0x700
[ 2231.060088][T25515]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2231.065130][T25515]  __alloc_pages+0x18c/0x8f0
[ 2231.069547][T25515]  ? prep_new_page+0x110/0x110
[ 2231.074142][T25515]  ? __alloc_pages+0x27e/0x8f0
[ 2231.078742][T25515]  ? irqentry_exit+0x30/0x40
[ 2231.083166][T25515]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2231.088896][T25515]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2231.094882][T25515]  pte_alloc_one+0x73/0x1b0
[ 2231.099237][T25515]  ? pfn_modify_allowed+0x2f0/0x2f0
[ 2231.104261][T25515]  ? __pmd_alloc+0x48d/0x550
[ 2231.108680][T25515]  __pte_alloc+0x86/0x350
[ 2231.112939][T25515]  ? __pud_alloc+0x260/0x260
[ 2231.117377][T25515]  ? __pud_alloc+0x213/0x260
[ 2231.121884][T25515]  ? free_pgtables+0x280/0x280
[ 2231.126472][T25515]  ? do_handle_mm_fault+0x2330/0x2330
[ 2231.131682][T25515]  copy_page_range+0x28a8/0x2f90
[ 2231.136453][T25515]  ? __kasan_slab_alloc+0xb1/0xe0
[ 2231.141313][T25515]  ? slab_post_alloc_hook+0x53/0x2c0
[ 2231.146437][T25515]  ? kernel_clone+0x21e/0x9e0
[ 2231.150948][T25515]  ? do_syscall_64+0x3d/0xb0
[ 2231.155470][T25515]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2231.161368][T25515]  ? pfn_valid+0x1e0/0x1e0
[ 2231.165639][T25515]  ? rwsem_write_trylock+0x15b/0x290
[ 2231.170738][T25515]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[ 2231.177027][T25515]  copy_mm+0xc7e/0x13e0
[ 2231.180979][T25515]  ? copy_signal+0x610/0x610
[ 2231.185403][T25515]  ? __init_rwsem+0xd6/0x1c0
[ 2231.189832][T25515]  ? copy_signal+0x4e3/0x610
[ 2231.194261][T25515]  copy_process+0x1149/0x3290
[ 2231.198775][T25515]  ? timerqueue_add+0x250/0x270
[ 2231.203458][T25515]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2231.208403][T25515]  ? enqueue_hrtimer+0xca/0x240
[ 2231.213093][T25515]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2231.218301][T25515]  kernel_clone+0x21e/0x9e0
[ 2231.222638][T25515]  ? irqentry_exit+0x30/0x40
[ 2231.227064][T25515]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2231.232709][T25515]  ? create_io_thread+0x1e0/0x1e0
[ 2231.237575][T25515]  __x64_sys_clone+0x23f/0x290
[ 2231.242166][T25515]  ? __do_sys_vfork+0x130/0x130
[ 2231.246854][T25515]  do_syscall_64+0x3d/0xb0
[ 2231.251105][T25515]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2231.256748][T25515]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2231.262477][T25515] RIP: 0033:0x7fbee4946da9
[ 2231.266731][T25515] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2231.286170][T25515] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2231.294413][T25515] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2231.302226][T25515] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2231.310133][T25515] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
22:40:02 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)

22:40:02 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x2}, 0x48)

22:40:02 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000006a01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:02 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x3}, 0x48)

[ 2231.317936][T25515] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2231.325749][T25515] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2231.333571][T25515]  </TASK>
22:40:02 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x4}, 0x48)

22:40:02 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40007)

22:40:02 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000006b01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:02 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x5}, 0x48)

22:40:02 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000007001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:02 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x6}, 0x48)

22:40:02 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:02 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x7}, 0x48)

22:40:02 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36)

22:40:02 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000007101000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:02 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x8}, 0x48)

22:40:02 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40008)

22:40:02 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x9}, 0x48)

22:40:02 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000007201000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2231.486872][T25557] FAULT_INJECTION: forcing a failure.
[ 2231.486872][T25557] name failslab, interval 1, probability 0, space 0, times 0
[ 2231.527019][T25557] CPU: 0 PID: 25557 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2231.537188][T25557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2231.547077][T25557] Call Trace:
[ 2231.550200][T25557]  <TASK>
[ 2231.552983][T25557]  dump_stack_lvl+0x151/0x1b7
[ 2231.557492][T25557]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2231.562958][T25557]  dump_stack+0x15/0x17
[ 2231.566950][T25557]  should_fail+0x3c6/0x510
[ 2231.571206][T25557]  __should_failslab+0xa4/0xe0
[ 2231.575807][T25557]  ? anon_vma_clone+0x9a/0x500
[ 2231.580404][T25557]  should_failslab+0x9/0x20
[ 2231.584742][T25557]  slab_pre_alloc_hook+0x37/0xd0
[ 2231.589517][T25557]  ? anon_vma_clone+0x9a/0x500
[ 2231.594117][T25557]  kmem_cache_alloc+0x44/0x200
[ 2231.598716][T25557]  anon_vma_clone+0x9a/0x500
[ 2231.603146][T25557]  anon_vma_fork+0x91/0x4e0
[ 2231.607483][T25557]  ? anon_vma_name+0x4c/0x70
[ 2231.611994][T25557]  ? vm_area_dup+0x17a/0x230
[ 2231.616427][T25557]  copy_mm+0xa3a/0x13e0
[ 2231.620443][T25557]  ? copy_signal+0x610/0x610
[ 2231.624849][T25557]  ? __init_rwsem+0xd6/0x1c0
[ 2231.629266][T25557]  ? copy_signal+0x4e3/0x610
[ 2231.633695][T25557]  copy_process+0x1149/0x3290
[ 2231.638209][T25557]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2231.643156][T25557]  kernel_clone+0x21e/0x9e0
[ 2231.647496][T25557]  ? create_io_thread+0x1e0/0x1e0
[ 2231.652365][T25557]  ? clockevents_program_event+0x22f/0x300
[ 2231.657997][T25557]  __x64_sys_clone+0x23f/0x290
[ 2231.662703][T25557]  ? __do_sys_vfork+0x130/0x130
[ 2231.667380][T25557]  ? debug_smp_processor_id+0x17/0x20
[ 2231.672637][T25557]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2231.678480][T25557]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2231.683952][T25557]  do_syscall_64+0x3d/0xb0
[ 2231.688201][T25557]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2231.693932][T25557]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2231.699664][T25557] RIP: 0033:0x7fbee4946da9
[ 2231.703913][T25557] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2231.723351][T25557] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
22:40:03 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000007301000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xa}, 0x48)

[ 2231.731680][T25557] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2231.739494][T25557] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2231.747304][T25557] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2231.755130][T25557] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2231.762928][T25557] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2231.770743][T25557]  </TASK>
22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xb}, 0x48)

22:40:03 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40009)

22:40:03 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000007901000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xc}, 0x48)

22:40:03 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000007a01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xd}, 0x48)

22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xe}, 0x48)

22:40:03 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:03 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000007b01000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xf}, 0x48)

22:40:03 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x4000a)

22:40:03 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000008301000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x10}, 0x48)

22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x11}, 0x48)

22:40:03 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000003000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:03 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x4000b)

22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x12}, 0x48)

22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x13}, 0x48)

22:40:03 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000005000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x14}, 0x48)

22:40:03 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x4000c)

22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x15}, 0x48)

22:40:03 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000006000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x16}, 0x48)

22:40:03 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37)

22:40:03 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000007000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x17}, 0x48)

22:40:03 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x4000d)

22:40:03 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x18}, 0x48)

22:40:03 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000000000a000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x19}, 0x48)

22:40:03 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x4000f)

22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1a}, 0x48)

[ 2232.305007][T25640] FAULT_INJECTION: forcing a failure.
[ 2232.305007][T25640] name failslab, interval 1, probability 0, space 0, times 0
[ 2232.317955][T25640] CPU: 1 PID: 25640 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2232.328128][T25640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2232.338002][T25640] Call Trace:
[ 2232.341124][T25640]  <TASK>
[ 2232.343907][T25640]  dump_stack_lvl+0x151/0x1b7
[ 2232.348417][T25640]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2232.353888][T25640]  dump_stack+0x15/0x17
[ 2232.357877][T25640]  should_fail+0x3c6/0x510
[ 2232.362140][T25640]  __should_failslab+0xa4/0xe0
[ 2232.366729][T25640]  ? anon_vma_fork+0xf7/0x4e0
[ 2232.371243][T25640]  should_failslab+0x9/0x20
[ 2232.375584][T25640]  slab_pre_alloc_hook+0x37/0xd0
[ 2232.380354][T25640]  ? anon_vma_fork+0xf7/0x4e0
[ 2232.384869][T25640]  kmem_cache_alloc+0x44/0x200
[ 2232.389470][T25640]  anon_vma_fork+0xf7/0x4e0
[ 2232.393809][T25640]  ? anon_vma_name+0x4c/0x70
[ 2232.398235][T25640]  ? vm_area_dup+0x17a/0x230
[ 2232.402662][T25640]  copy_mm+0xa3a/0x13e0
[ 2232.406660][T25640]  ? copy_signal+0x610/0x610
[ 2232.411079][T25640]  ? __init_rwsem+0xd6/0x1c0
[ 2232.415522][T25640]  ? copy_signal+0x4e3/0x610
[ 2232.419938][T25640]  copy_process+0x1149/0x3290
[ 2232.424447][T25640]  ? timerqueue_add+0x250/0x270
[ 2232.429136][T25640]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2232.434081][T25640]  ? enqueue_hrtimer+0xca/0x240
[ 2232.438767][T25640]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2232.443975][T25640]  kernel_clone+0x21e/0x9e0
[ 2232.448314][T25640]  ? create_io_thread+0x1e0/0x1e0
[ 2232.453177][T25640]  ? clockevents_program_event+0x22f/0x300
[ 2232.458827][T25640]  __x64_sys_clone+0x23f/0x290
[ 2232.463415][T25640]  ? __do_sys_vfork+0x130/0x130
[ 2232.468105][T25640]  ? debug_smp_processor_id+0x17/0x20
[ 2232.473310][T25640]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2232.479211][T25640]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2232.484679][T25640]  do_syscall_64+0x3d/0xb0
[ 2232.488930][T25640]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2232.494579][T25640]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2232.500301][T25640] RIP: 0033:0x7fbee4946da9
[ 2232.504585][T25640] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2232.523999][T25640] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2232.532244][T25640] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2232.540057][T25640] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2232.547864][T25640] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
22:40:03 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000000000c000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:03 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38)

22:40:03 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000000000e000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2232.555676][T25640] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2232.563499][T25640] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2232.571301][T25640]  </TASK>
22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1b}, 0x48)

22:40:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1c}, 0x48)

22:40:03 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000013000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2232.613784][T25651] FAULT_INJECTION: forcing a failure.
[ 2232.613784][T25651] name failslab, interval 1, probability 0, space 0, times 0
[ 2232.653881][T25651] CPU: 1 PID: 25651 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2232.664052][T25651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2232.673946][T25651] Call Trace:
[ 2232.677068][T25651]  <TASK>
[ 2232.679846][T25651]  dump_stack_lvl+0x151/0x1b7
[ 2232.684371][T25651]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2232.689825][T25651]  ? avc_denied+0x1b0/0x1b0
[ 2232.694162][T25651]  dump_stack+0x15/0x17
[ 2232.698150][T25651]  should_fail+0x3c6/0x510
[ 2232.702492][T25651]  __should_failslab+0xa4/0xe0
[ 2232.707092][T25651]  ? vm_area_dup+0x26/0x230
[ 2232.711438][T25651]  should_failslab+0x9/0x20
[ 2232.715771][T25651]  slab_pre_alloc_hook+0x37/0xd0
[ 2232.720546][T25651]  ? vm_area_dup+0x26/0x230
[ 2232.724881][T25651]  kmem_cache_alloc+0x44/0x200
[ 2232.729480][T25651]  vm_area_dup+0x26/0x230
[ 2232.733648][T25651]  copy_mm+0x9a1/0x13e0
[ 2232.737655][T25651]  ? copy_signal+0x610/0x610
[ 2232.742066][T25651]  ? __init_rwsem+0xd6/0x1c0
[ 2232.746493][T25651]  ? copy_signal+0x4e3/0x610
[ 2232.750921][T25651]  copy_process+0x1149/0x3290
[ 2232.755435][T25651]  ? _raw_spin_unlock+0x4d/0x70
[ 2232.760121][T25651]  ? perf_event_context_sched_in+0x4ea/0x5e0
[ 2232.765937][T25651]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2232.770880][T25651]  ? __perf_event_task_sched_in+0x219/0x2a0
[ 2232.776615][T25651]  kernel_clone+0x21e/0x9e0
[ 2232.780950][T25651]  ? create_io_thread+0x1e0/0x1e0
[ 2232.785819][T25651]  ? finish_task_switch+0x167/0x7b0
[ 2232.791018][T25651]  __x64_sys_clone+0x23f/0x290
[ 2232.795615][T25651]  ? __do_sys_vfork+0x130/0x130
[ 2232.800304][T25651]  ? switch_fpu_return+0x1ed/0x3d0
[ 2232.805251][T25651]  ? __kasan_check_read+0x11/0x20
[ 2232.810113][T25651]  ? exit_to_user_mode_prepare+0x7e/0xa0
[ 2232.815580][T25651]  do_syscall_64+0x3d/0xb0
[ 2232.819832][T25651]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2232.825562][T25651]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2232.831290][T25651] RIP: 0033:0x7fbee4946da9
[ 2232.835562][T25651] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2232.854983][T25651] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
22:40:04 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40010)

22:40:04 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1d}, 0x48)

22:40:04 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39)

22:40:04 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2232.863250][T25651] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2232.871230][T25651] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2232.879029][T25651] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2232.886925][T25651] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2232.894741][T25651] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2232.902572][T25651]  </TASK>
22:40:04 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1e}, 0x48)

22:40:04 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000014000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2232.951203][T25666] FAULT_INJECTION: forcing a failure.
[ 2232.951203][T25666] name failslab, interval 1, probability 0, space 0, times 0
[ 2232.971865][T25666] CPU: 1 PID: 25666 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2232.982032][T25666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2232.991927][T25666] Call Trace:
[ 2232.995047][T25666]  <TASK>
[ 2232.997837][T25666]  dump_stack_lvl+0x151/0x1b7
[ 2233.002340][T25666]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2233.007893][T25666]  dump_stack+0x15/0x17
[ 2233.011886][T25666]  should_fail+0x3c6/0x510
[ 2233.016138][T25666]  __should_failslab+0xa4/0xe0
[ 2233.020739][T25666]  ? anon_vma_clone+0x9a/0x500
[ 2233.025339][T25666]  should_failslab+0x9/0x20
[ 2233.029681][T25666]  slab_pre_alloc_hook+0x37/0xd0
[ 2233.034452][T25666]  ? anon_vma_clone+0x9a/0x500
[ 2233.039054][T25666]  kmem_cache_alloc+0x44/0x200
[ 2233.043652][T25666]  anon_vma_clone+0x9a/0x500
[ 2233.048086][T25666]  anon_vma_fork+0x91/0x4e0
[ 2233.052420][T25666]  ? anon_vma_name+0x4c/0x70
[ 2233.056854][T25666]  ? vm_area_dup+0x17a/0x230
[ 2233.061290][T25666]  copy_mm+0xa3a/0x13e0
[ 2233.065269][T25666]  ? copy_signal+0x610/0x610
[ 2233.069688][T25666]  ? __init_rwsem+0xd6/0x1c0
[ 2233.074117][T25666]  ? copy_signal+0x4e3/0x610
[ 2233.078543][T25666]  copy_process+0x1149/0x3290
[ 2233.083056][T25666]  ? proc_fail_nth_write+0x20b/0x290
[ 2233.088175][T25666]  ? fsnotify_perm+0x6a/0x5d0
[ 2233.092689][T25666]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2233.097639][T25666]  ? vfs_write+0x9ec/0x1110
[ 2233.102071][T25666]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2233.107271][T25666]  kernel_clone+0x21e/0x9e0
[ 2233.111611][T25666]  ? file_end_write+0x1c0/0x1c0
[ 2233.116298][T25666]  ? create_io_thread+0x1e0/0x1e0
[ 2233.121289][T25666]  ? mutex_unlock+0xb2/0x260
[ 2233.125703][T25666]  ? __mutex_lock_slowpath+0x10/0x10
[ 2233.130821][T25666]  __x64_sys_clone+0x23f/0x290
[ 2233.135681][T25666]  ? __do_sys_vfork+0x130/0x130
[ 2233.140365][T25666]  ? ksys_write+0x260/0x2c0
[ 2233.144706][T25666]  ? debug_smp_processor_id+0x17/0x20
[ 2233.149914][T25666]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2233.155818][T25666]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2233.161305][T25666]  do_syscall_64+0x3d/0xb0
[ 2233.165626][T25666]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2233.171266][T25666]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2233.176996][T25666] RIP: 0033:0x7fbee4946da9
[ 2233.181268][T25666] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
22:40:04 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x21}, 0x48)

22:40:04 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40011)

[ 2233.200693][T25666] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2233.208930][T25666] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2233.216746][T25666] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2233.224556][T25666] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2233.232365][T25666] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2233.240178][T25666] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2233.248009][T25666]  </TASK>
22:40:04 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x22}, 0x48)

22:40:04 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000019000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:04 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x23}, 0x48)

22:40:04 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000021000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:04 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40030)

22:40:04 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x300}, 0x48)

22:40:04 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000000003f000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:04 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x3a0}, 0x48)

22:40:04 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000081000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:04 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x500}, 0x48)

22:40:04 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40041)

22:40:04 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x600}, 0x48)

22:40:04 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000083000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:04 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x700}, 0x48)

22:40:04 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000002000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:04 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x900}, 0x48)

22:40:04 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000003000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:04 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000004000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:04 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xa00}, 0x48)

22:40:04 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40248)

22:40:04 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40)

22:40:04 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xb00}, 0x48)

22:40:04 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000005000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:04 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:04 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000006000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:05 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xc00}, 0x48)

[ 2233.646744][T25724] FAULT_INJECTION: forcing a failure.
[ 2233.646744][T25724] name failslab, interval 1, probability 0, space 0, times 0
[ 2233.669845][T25724] CPU: 1 PID: 25724 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2233.680010][T25724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2233.689904][T25724] Call Trace:
[ 2233.693024][T25724]  <TASK>
[ 2233.695814][T25724]  dump_stack_lvl+0x151/0x1b7
[ 2233.700318][T25724]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2233.705782][T25724]  ? irqentry_exit+0x30/0x40
[ 2233.710203][T25724]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2233.715847][T25724]  dump_stack+0x15/0x17
[ 2233.719926][T25724]  should_fail+0x3c6/0x510
[ 2233.724190][T25724]  __should_failslab+0xa4/0xe0
[ 2233.728777][T25724]  ? anon_vma_clone+0x9a/0x500
[ 2233.733393][T25724]  should_failslab+0x9/0x20
[ 2233.737718][T25724]  slab_pre_alloc_hook+0x37/0xd0
[ 2233.742495][T25724]  ? anon_vma_clone+0x9a/0x500
[ 2233.747098][T25724]  kmem_cache_alloc+0x44/0x200
[ 2233.751692][T25724]  anon_vma_clone+0x9a/0x500
[ 2233.756119][T25724]  anon_vma_fork+0x91/0x4e0
[ 2233.760458][T25724]  ? anon_vma_name+0x4c/0x70
[ 2233.764885][T25724]  ? vm_area_dup+0x17a/0x230
[ 2233.769309][T25724]  copy_mm+0xa3a/0x13e0
[ 2233.773479][T25724]  ? copy_signal+0x610/0x610
[ 2233.777902][T25724]  ? __init_rwsem+0xd6/0x1c0
[ 2233.782328][T25724]  ? copy_signal+0x4e3/0x610
[ 2233.786755][T25724]  copy_process+0x1149/0x3290
[ 2233.791271][T25724]  ? __sanitizer_cov_trace_const_cmp2+0x90/0x90
[ 2233.797431][T25724]  ? proc_fail_nth_write+0x20b/0x290
[ 2233.802554][T25724]  ? irqentry_exit+0x30/0x40
[ 2233.806977][T25724]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2233.811925][T25724]  ? kernel_clone+0x149/0x9e0
[ 2233.816449][T25724]  ? kernel_clone+0x1af/0x9e0
[ 2233.820954][T25724]  kernel_clone+0x21e/0x9e0
[ 2233.825293][T25724]  ? file_end_write+0x1c0/0x1c0
[ 2233.830065][T25724]  ? create_io_thread+0x1e0/0x1e0
[ 2233.834927][T25724]  ? mutex_unlock+0xb2/0x260
[ 2233.839351][T25724]  ? __mutex_lock_slowpath+0x10/0x10
[ 2233.844474][T25724]  __x64_sys_clone+0x23f/0x290
[ 2233.849073][T25724]  ? __do_sys_vfork+0x130/0x130
[ 2233.853757][T25724]  ? ksys_write+0x260/0x2c0
[ 2233.858106][T25724]  ? debug_smp_processor_id+0x17/0x20
[ 2233.863306][T25724]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2233.869219][T25724]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2233.874686][T25724]  do_syscall_64+0x3d/0xb0
[ 2233.878932][T25724]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2233.884689][T25724]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2233.890384][T25724] RIP: 0033:0x7fbee4946da9
[ 2233.894640][T25724] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2233.914080][T25724] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2233.922332][T25724] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2233.930152][T25724] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2233.937950][T25724] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2233.945760][T25724] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
22:40:05 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40249)

22:40:05 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xd00}, 0x48)

22:40:05 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000007000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2233.953573][T25724] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2233.961387][T25724]  </TASK>
22:40:05 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xe00}, 0x48)

22:40:05 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000008000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:05 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xf00}, 0x48)

22:40:05 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000000000a000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:05 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40300)

22:40:05 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1100}, 0x48)

22:40:05 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000000000c000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:05 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1200}, 0x48)

22:40:05 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1300}, 0x48)

22:40:05 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x0, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:05 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41)

22:40:05 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000000000e000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:05 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40500)

22:40:05 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1400}, 0x48)

[ 2234.227144][T25762] FAULT_INJECTION: forcing a failure.
[ 2234.227144][T25762] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2234.261118][T25762] CPU: 0 PID: 25762 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2234.271294][T25762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2234.281273][T25762] Call Trace:
[ 2234.284386][T25762]  <TASK>
[ 2234.287164][T25762]  dump_stack_lvl+0x151/0x1b7
[ 2234.291676][T25762]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2234.297160][T25762]  dump_stack+0x15/0x17
[ 2234.301136][T25762]  should_fail+0x3c6/0x510
[ 2234.305390][T25762]  should_fail_alloc_page+0x5a/0x80
[ 2234.310424][T25762]  prepare_alloc_pages+0x15c/0x700
[ 2234.315372][T25762]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2234.320403][T25762]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2234.326045][T25762]  __alloc_pages+0x18c/0x8f0
[ 2234.330476][T25762]  ? prep_new_page+0x110/0x110
[ 2234.335073][T25762]  ? __kasan_check_write+0x14/0x20
[ 2234.340017][T25762]  ? _raw_spin_lock+0xa4/0x1b0
[ 2234.344690][T25762]  pte_alloc_one+0x73/0x1b0
[ 2234.348964][T25762]  ? pfn_modify_allowed+0x2f0/0x2f0
[ 2234.354078][T25762]  ? __pmd_alloc+0x48d/0x550
[ 2234.358507][T25762]  __pte_alloc+0x86/0x350
[ 2234.362676][T25762]  ? __pud_alloc+0x260/0x260
[ 2234.367096][T25762]  ? free_pgtables+0x280/0x280
[ 2234.371724][T25762]  copy_page_range+0x28a8/0x2f90
[ 2234.376473][T25762]  ? __kasan_slab_alloc+0xb1/0xe0
[ 2234.381335][T25762]  ? slab_post_alloc_hook+0x53/0x2c0
[ 2234.386456][T25762]  ? kernel_clone+0x21e/0x9e0
[ 2234.390966][T25762]  ? do_syscall_64+0x3d/0xb0
[ 2234.395389][T25762]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2234.401296][T25762]  ? irqentry_exit+0x30/0x40
[ 2234.405751][T25762]  ? pfn_valid+0x1e0/0x1e0
[ 2234.410101][T25762]  ? vma_gap_callbacks_rotate+0xb7/0x210
[ 2234.415555][T25762]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[ 2234.421105][T25762]  ? __rb_insert_augmented+0x5de/0x610
[ 2234.426399][T25762]  copy_mm+0xc7e/0x13e0
[ 2234.430392][T25762]  ? copy_signal+0x610/0x610
[ 2234.434815][T25762]  ? __init_rwsem+0xd6/0x1c0
[ 2234.439244][T25762]  ? copy_signal+0x4e3/0x610
[ 2234.443667][T25762]  copy_process+0x1149/0x3290
[ 2234.448181][T25762]  ? timerqueue_add+0x250/0x270
[ 2234.452866][T25762]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2234.457831][T25762]  ? enqueue_hrtimer+0xca/0x240
[ 2234.462502][T25762]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2234.467712][T25762]  kernel_clone+0x21e/0x9e0
[ 2234.472051][T25762]  ? create_io_thread+0x1e0/0x1e0
[ 2234.477009][T25762]  ? clockevents_program_event+0x22f/0x300
[ 2234.483274][T25762]  __x64_sys_clone+0x23f/0x290
[ 2234.487946][T25762]  ? __do_sys_vfork+0x130/0x130
[ 2234.492737][T25762]  ? syscall_enter_from_user_mode+0x102/0x1b0
[ 2234.498720][T25762]  do_syscall_64+0x3d/0xb0
[ 2234.502970][T25762]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2234.508606][T25762]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2234.514350][T25762] RIP: 0033:0x7fbee4946da9
[ 2234.518590][T25762] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2234.538030][T25762] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2234.546274][T25762] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2234.554087][T25762] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2234.561900][T25762] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2234.569795][T25762] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
22:40:05 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000010000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:05 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1500}, 0x48)

22:40:05 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42)

22:40:05 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1600}, 0x48)

22:40:05 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000013000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2234.577606][T25762] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2234.585436][T25762]  </TASK>
22:40:05 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40600)

22:40:06 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1700}, 0x48)

22:40:06 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000014000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2234.643200][T25775] FAULT_INJECTION: forcing a failure.
[ 2234.643200][T25775] name failslab, interval 1, probability 0, space 0, times 0
[ 2234.683841][T25775] CPU: 1 PID: 25775 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2234.694007][T25775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2234.703921][T25775] Call Trace:
[ 2234.707024][T25775]  <TASK>
[ 2234.709801][T25775]  dump_stack_lvl+0x151/0x1b7
[ 2234.714315][T25775]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2234.719788][T25775]  dump_stack+0x15/0x17
[ 2234.723774][T25775]  should_fail+0x3c6/0x510
[ 2234.728027][T25775]  __should_failslab+0xa4/0xe0
[ 2234.732633][T25775]  ? anon_vma_clone+0x9a/0x500
[ 2234.737240][T25775]  should_failslab+0x9/0x20
[ 2234.741564][T25775]  slab_pre_alloc_hook+0x37/0xd0
[ 2234.746347][T25775]  ? anon_vma_clone+0x9a/0x500
[ 2234.750936][T25775]  kmem_cache_alloc+0x44/0x200
[ 2234.755536][T25775]  anon_vma_clone+0x9a/0x500
[ 2234.760049][T25775]  anon_vma_fork+0x91/0x4e0
[ 2234.764392][T25775]  ? anon_vma_name+0x4c/0x70
[ 2234.768812][T25775]  ? vm_area_dup+0x17a/0x230
[ 2234.773244][T25775]  copy_mm+0xa3a/0x13e0
[ 2234.777249][T25775]  ? copy_signal+0x610/0x610
[ 2234.781664][T25775]  ? __init_rwsem+0xd6/0x1c0
[ 2234.786172][T25775]  ? copy_signal+0x4e3/0x610
[ 2234.790599][T25775]  copy_process+0x1149/0x3290
[ 2234.795121][T25775]  ? proc_fail_nth_write+0x20b/0x290
[ 2234.800240][T25775]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2234.805193][T25775]  ? vfs_write+0x9ec/0x1110
[ 2234.809609][T25775]  ? irqentry_exit+0x30/0x40
[ 2234.814132][T25775]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2234.819773][T25775]  kernel_clone+0x21e/0x9e0
[ 2234.824120][T25775]  ? irqentry_exit+0x30/0x40
[ 2234.828539][T25775]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2234.834182][T25775]  ? create_io_thread+0x1e0/0x1e0
[ 2234.839042][T25775]  __x64_sys_clone+0x23f/0x290
[ 2234.843640][T25775]  ? __do_sys_vfork+0x130/0x130
[ 2234.848343][T25775]  ? ksys_write+0x260/0x2c0
[ 2234.852756][T25775]  ? debug_smp_processor_id+0x17/0x20
[ 2234.857962][T25775]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2234.863950][T25775]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2234.869418][T25775]  do_syscall_64+0x3d/0xb0
[ 2234.873669][T25775]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2234.879312][T25775]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2234.885038][T25775] RIP: 0033:0x7fbee4946da9
[ 2234.889291][T25775] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2234.908736][T25775] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2234.916988][T25775] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2234.924798][T25775] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
22:40:06 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x0, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:06 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1800}, 0x48)

22:40:06 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1900}, 0x48)

22:40:06 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40700)

[ 2234.932950][T25775] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2234.940758][T25775] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2234.948607][T25775] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2234.956480][T25775]  </TASK>
22:40:06 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000019000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:06 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1a00}, 0x48)

22:40:06 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1b00}, 0x48)

22:40:06 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000021000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:06 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1c00}, 0x48)

22:40:06 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000083000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:06 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40900)

22:40:06 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1d00}, 0x48)

22:40:06 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000000030018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:06 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1e00}, 0x48)

22:40:06 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000000070018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:06 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1f00}, 0x48)

22:40:06 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40a00)

22:40:06 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000000090018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:06 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x0, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:06 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x2000}, 0x48)

22:40:06 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="18090000000000000000000000000a0018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:06 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x2100}, 0x48)

22:40:06 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001020018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:06 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x2200}, 0x48)

22:40:06 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001030018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:06 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40b00)

22:40:06 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43)

22:40:06 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x2300}, 0x48)

22:40:06 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001040018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:06 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40c00)

22:40:06 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1000000}, 0x48)

22:40:06 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001050018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:06 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001060018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:06 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x2000000}, 0x48)

22:40:06 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40d00)

22:40:06 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x3000000}, 0x48)

[ 2235.450517][T25849] FAULT_INJECTION: forcing a failure.
[ 2235.450517][T25849] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2235.470471][T25849] CPU: 0 PID: 25849 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2235.480636][T25849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2235.490531][T25849] Call Trace:
[ 2235.493657][T25849]  <TASK>
[ 2235.496433][T25849]  dump_stack_lvl+0x151/0x1b7
22:40:06 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x0, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:06 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x4000000}, 0x48)

[ 2235.500948][T25849]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2235.506416][T25849]  dump_stack+0x15/0x17
[ 2235.510556][T25849]  should_fail+0x3c6/0x510
[ 2235.514981][T25849]  should_fail_alloc_page+0x5a/0x80
[ 2235.520014][T25849]  prepare_alloc_pages+0x15c/0x700
[ 2235.524971][T25849]  ? __alloc_pages+0x8f0/0x8f0
[ 2235.529564][T25849]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2235.534598][T25849]  __alloc_pages+0x18c/0x8f0
[ 2235.539026][T25849]  ? prep_new_page+0x110/0x110
[ 2235.543622][T25849]  ? 0xffffffffa0030000
22:40:06 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40e00)

[ 2235.547614][T25849]  ? is_bpf_text_address+0x172/0x190
[ 2235.552739][T25849]  pte_alloc_one+0x73/0x1b0
[ 2235.557074][T25849]  ? pfn_modify_allowed+0x2f0/0x2f0
[ 2235.562121][T25849]  __pte_alloc+0x86/0x350
[ 2235.566271][T25849]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2235.572356][T25849]  ? free_pgtables+0x280/0x280
[ 2235.576950][T25849]  ? copy_page_range+0xe3c/0x2f90
[ 2235.581815][T25849]  ? __memmove+0x1a0/0x1a0
[ 2235.586059][T25849]  copy_page_range+0x28a8/0x2f90
[ 2235.590855][T25849]  ? __kasan_slab_alloc+0xb1/0xe0
[ 2235.595882][T25849]  ? pfn_valid+0x1e0/0x1e0
[ 2235.600127][T25849]  ? __vma_link_rb+0x4c5/0x550
[ 2235.604724][T25849]  ? vma_gap_callbacks_rotate+0x1b7/0x210
[ 2235.610281][T25849]  ? __rb_insert_augmented+0x5de/0x610
[ 2235.615713][T25849]  copy_mm+0xc7e/0x13e0
[ 2235.619703][T25849]  ? copy_signal+0x610/0x610
[ 2235.624130][T25849]  ? __init_rwsem+0xd6/0x1c0
[ 2235.628550][T25849]  ? copy_signal+0x4e3/0x610
[ 2235.632971][T25849]  copy_process+0x1149/0x3290
[ 2235.637499][T25849]  ? timerqueue_add+0x250/0x270
[ 2235.642178][T25849]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2235.647123][T25849]  ? enqueue_hrtimer+0xca/0x240
[ 2235.651815][T25849]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2235.657100][T25849]  kernel_clone+0x21e/0x9e0
[ 2235.661439][T25849]  ? create_io_thread+0x1e0/0x1e0
[ 2235.666300][T25849]  ? clockevents_program_event+0x22f/0x300
[ 2235.671941][T25849]  __x64_sys_clone+0x23f/0x290
[ 2235.676565][T25849]  ? __do_sys_vfork+0x130/0x130
[ 2235.681235][T25849]  do_syscall_64+0x3d/0xb0
[ 2235.685482][T25849]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2235.691125][T25849]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2235.696848][T25849] RIP: 0033:0x7fbee4946da9
[ 2235.701102][T25849] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2235.720542][T25849] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2235.728786][T25849] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2235.736610][T25849] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
22:40:07 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x40f00)

22:40:07 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x5000000}, 0x48)

[ 2235.744409][T25849] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2235.752220][T25849] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2235.760047][T25849] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2235.767850][T25849]  </TASK>
22:40:07 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x6000000}, 0x48)

22:40:07 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x41001)

22:40:07 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x7000000}, 0x48)

22:40:07 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001070018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:07 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x0, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:07 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 44)

22:40:07 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x8000000}, 0x48)

22:40:07 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001080018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2235.909881][T25888] FAULT_INJECTION: forcing a failure.
[ 2235.909881][T25888] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2235.924069][T25888] CPU: 1 PID: 25888 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2235.934228][T25888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2235.944124][T25888] Call Trace:
[ 2235.947245][T25888]  <TASK>
[ 2235.950032][T25888]  dump_stack_lvl+0x151/0x1b7
[ 2235.954537][T25888]  ? io_uring_drop_tctx_refs+0x190/0x190
22:40:07 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x9000000}, 0x48)

22:40:07 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x0, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2235.960005][T25888]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2235.965648][T25888]  dump_stack+0x15/0x17
[ 2235.969728][T25888]  should_fail+0x3c6/0x510
[ 2235.973978][T25888]  should_fail_alloc_page+0x5a/0x80
[ 2235.979110][T25888]  prepare_alloc_pages+0x15c/0x700
[ 2235.984061][T25888]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2235.989091][T25888]  ? sched_clock+0x9/0x10
[ 2235.993259][T25888]  ? native_set_ldt+0x360/0x360
[ 2235.997942][T25888]  __alloc_pages+0x18c/0x8f0
[ 2236.002452][T25888]  ? _raw_spin_unlock+0x4d/0x70
[ 2236.007138][T25888]  ? prep_new_page+0x110/0x110
[ 2236.011740][T25888]  pte_alloc_one+0x73/0x1b0
[ 2236.016076][T25888]  ? pfn_modify_allowed+0x2f0/0x2f0
[ 2236.021117][T25888]  __pte_alloc+0x86/0x350
[ 2236.025275][T25888]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2236.030919][T25888]  ? free_pgtables+0x280/0x280
[ 2236.035521][T25888]  ? __kasan_check_write+0x14/0x20
[ 2236.040496][T25888]  copy_page_range+0x28a8/0x2f90
[ 2236.045250][T25888]  ? __kasan_slab_alloc+0xb1/0xe0
[ 2236.050112][T25888]  ? pfn_valid+0x1e0/0x1e0
[ 2236.054354][T25888]  ? vma_gap_callbacks_rotate+0x1b7/0x210
[ 2236.059907][T25888]  ? __rb_insert_augmented+0x5de/0x610
[ 2236.065207][T25888]  copy_mm+0xc7e/0x13e0
[ 2236.069202][T25888]  ? irqentry_exit+0x30/0x40
[ 2236.073628][T25888]  ? copy_signal+0x610/0x610
[ 2236.078055][T25888]  ? __init_rwsem+0xd6/0x1c0
[ 2236.082474][T25888]  ? copy_signal+0x4e3/0x610
[ 2236.086899][T25888]  copy_process+0x1149/0x3290
[ 2236.091415][T25888]  ? proc_fail_nth_write+0x20b/0x290
[ 2236.096543][T25888]  ? fsnotify_perm+0x6a/0x5d0
[ 2236.101045][T25888]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2236.105994][T25888]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2236.111981][T25888]  kernel_clone+0x21e/0x9e0
[ 2236.116322][T25888]  ? create_io_thread+0x1e0/0x1e0
[ 2236.121182][T25888]  ? mutex_unlock+0xb2/0x260
[ 2236.125609][T25888]  ? __mutex_lock_slowpath+0x10/0x10
[ 2236.130730][T25888]  __x64_sys_clone+0x23f/0x290
[ 2236.135335][T25888]  ? __do_sys_vfork+0x130/0x130
[ 2236.140019][T25888]  ? ksys_write+0x260/0x2c0
[ 2236.144371][T25888]  ? debug_smp_processor_id+0x17/0x20
[ 2236.149573][T25888]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2236.155468][T25888]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2236.160935][T25888]  do_syscall_64+0x3d/0xb0
[ 2236.165188][T25888]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2236.170836][T25888]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2236.176833][T25888] RIP: 0033:0x7fbee4946da9
[ 2236.181083][T25888] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2236.200621][T25888] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
22:40:07 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xa000000}, 0x48)

22:40:07 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001090018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:07 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x41100)

[ 2236.208854][T25888] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2236.216666][T25888] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2236.224476][T25888] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2236.232288][T25888] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2236.240099][T25888] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2236.247914][T25888]  </TASK>
22:40:07 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xb000000}, 0x48)

22:40:07 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 45)

22:40:07 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="18090000000000000000000000010a0018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:07 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xc000000}, 0x48)

22:40:07 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x41200)

22:40:07 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xd000000}, 0x48)

[ 2236.391256][T25906] FAULT_INJECTION: forcing a failure.
[ 2236.391256][T25906] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2236.417524][T25906] CPU: 0 PID: 25906 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2236.427689][T25906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2236.437584][T25906] Call Trace:
22:40:07 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="18090000000000000000000000010c0018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:07 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x0, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2236.440725][T25906]  <TASK>
[ 2236.443483][T25906]  dump_stack_lvl+0x151/0x1b7
[ 2236.447997][T25906]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2236.453478][T25906]  dump_stack+0x15/0x17
[ 2236.457460][T25906]  should_fail+0x3c6/0x510
[ 2236.461708][T25906]  should_fail_alloc_page+0x5a/0x80
[ 2236.466742][T25906]  prepare_alloc_pages+0x15c/0x700
[ 2236.471693][T25906]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2236.476728][T25906]  __alloc_pages+0x18c/0x8f0
[ 2236.481145][T25906]  ? prep_new_page+0x110/0x110
[ 2236.485742][T25906]  ? __alloc_pages+0x27e/0x8f0
[ 2236.490345][T25906]  ? __kasan_check_write+0x14/0x20
[ 2236.495291][T25906]  ? _raw_spin_lock+0xa4/0x1b0
[ 2236.499891][T25906]  __pmd_alloc+0xb1/0x550
[ 2236.504146][T25906]  ? __pud_alloc+0x260/0x260
[ 2236.508571][T25906]  ? __pud_alloc+0x213/0x260
[ 2236.512997][T25906]  ? do_handle_mm_fault+0x2330/0x2330
[ 2236.518208][T25906]  copy_page_range+0x2b3d/0x2f90
[ 2236.522990][T25906]  ? preempt_schedule_irq+0xe7/0x140
[ 2236.528102][T25906]  ? pfn_valid+0x1e0/0x1e0
[ 2236.532352][T25906]  ? rwsem_write_trylock+0x15b/0x290
[ 2236.537474][T25906]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2236.543117][T25906]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[ 2236.549372][T25906]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[ 2236.554926][T25906]  ? __rb_insert_augmented+0x5de/0x610
[ 2236.560224][T25906]  copy_mm+0xc7e/0x13e0
[ 2236.564208][T25906]  ? copy_signal+0x610/0x610
[ 2236.568630][T25906]  ? __init_rwsem+0xd6/0x1c0
[ 2236.573057][T25906]  ? copy_signal+0x4e3/0x610
[ 2236.577485][T25906]  copy_process+0x1149/0x3290
[ 2236.582005][T25906]  ? irqentry_exit+0x30/0x40
[ 2236.586599][T25906]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2236.591563][T25906]  ? kernel_clone+0xcd/0x9e0
[ 2236.595974][T25906]  kernel_clone+0x21e/0x9e0
[ 2236.600312][T25906]  ? create_io_thread+0x1e0/0x1e0
[ 2236.605173][T25906]  ? clockevents_program_event+0x22f/0x300
[ 2236.610813][T25906]  __x64_sys_clone+0x23f/0x290
[ 2236.615413][T25906]  ? __do_sys_vfork+0x130/0x130
[ 2236.620100][T25906]  ? debug_smp_processor_id+0x17/0x20
[ 2236.625306][T25906]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2236.631208][T25906]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2236.636676][T25906]  do_syscall_64+0x3d/0xb0
[ 2236.640928][T25906]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2236.646571][T25906]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2236.652313][T25906] RIP: 0033:0x7fbee4946da9
[ 2236.656566][T25906] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2236.675993][T25906] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2236.684239][T25906] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
22:40:08 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="18090000000000000000000000010e0018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:08 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xe000000}, 0x48)

22:40:08 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xf000000}, 0x48)

[ 2236.692049][T25906] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2236.699861][T25906] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2236.707671][T25906] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2236.715482][T25906] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2236.723307][T25906]  </TASK>
22:40:08 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x41300)

22:40:08 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="18090000000000000000000000010f0018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:08 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 46)

22:40:08 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001100018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:08 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x10000000}, 0x48)

[ 2236.809310][T25934] FAULT_INJECTION: forcing a failure.
[ 2236.809310][T25934] name failslab, interval 1, probability 0, space 0, times 0
[ 2236.848189][T25934] CPU: 1 PID: 25934 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2236.858355][T25934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2236.868248][T25934] Call Trace:
[ 2236.871378][T25934]  <TASK>
[ 2236.874148][T25934]  dump_stack_lvl+0x151/0x1b7
[ 2236.878667][T25934]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2236.884131][T25934]  dump_stack+0x15/0x17
[ 2236.888149][T25934]  should_fail+0x3c6/0x510
[ 2236.892372][T25934]  __should_failslab+0xa4/0xe0
[ 2236.896968][T25934]  ? vm_area_dup+0x26/0x230
[ 2236.901307][T25934]  should_failslab+0x9/0x20
[ 2236.905651][T25934]  slab_pre_alloc_hook+0x37/0xd0
[ 2236.910439][T25934]  ? vm_area_dup+0x26/0x230
[ 2236.914766][T25934]  kmem_cache_alloc+0x44/0x200
[ 2236.919365][T25934]  vm_area_dup+0x26/0x230
[ 2236.923527][T25934]  copy_mm+0x9a1/0x13e0
[ 2236.927518][T25934]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2236.933510][T25934]  ? copy_signal+0x610/0x610
[ 2236.937935][T25934]  ? __init_rwsem+0xd6/0x1c0
[ 2236.942362][T25934]  ? copy_signal+0x4e3/0x610
[ 2236.946790][T25934]  copy_process+0x1149/0x3290
[ 2236.951301][T25934]  ? proc_fail_nth_write+0x20b/0x290
[ 2236.956424][T25934]  ? irqentry_exit+0x30/0x40
[ 2236.960848][T25934]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2236.965831][T25934]  ? kernel_clone+0x7a/0x9e0
[ 2236.970222][T25934]  kernel_clone+0x21e/0x9e0
[ 2236.974564][T25934]  ? file_end_write+0x1c0/0x1c0
[ 2236.979249][T25934]  ? create_io_thread+0x1e0/0x1e0
[ 2236.984109][T25934]  ? mutex_unlock+0xb2/0x260
[ 2236.988536][T25934]  ? __mutex_lock_slowpath+0x10/0x10
[ 2236.993656][T25934]  __x64_sys_clone+0x23f/0x290
[ 2236.998257][T25934]  ? __do_sys_vfork+0x130/0x130
[ 2237.002941][T25934]  ? ksys_write+0x260/0x2c0
[ 2237.007283][T25934]  ? debug_smp_processor_id+0x17/0x20
[ 2237.012488][T25934]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2237.018396][T25934]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2237.023948][T25934]  do_syscall_64+0x3d/0xb0
[ 2237.028204][T25934]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2237.033839][T25934]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2237.039568][T25934] RIP: 0033:0x7fbee4946da9
[ 2237.043824][T25934] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2237.063438][T25934] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2237.071683][T25934] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2237.079494][T25934] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2237.087325][T25934] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2237.095121][T25934] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2237.102925][T25934] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
22:40:08 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x11000000}, 0x48)

22:40:08 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001180018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:08 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x41400)

22:40:08 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x0, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:08 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x12000000}, 0x48)

[ 2237.110742][T25934]  </TASK>
22:40:08 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 47)

22:40:08 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="18090000000000000000000000013c0018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:08 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x13000000}, 0x48)

22:40:08 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x14000000}, 0x48)

22:40:08 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="18090000000000000000000000014b0018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2237.200742][T25952] FAULT_INJECTION: forcing a failure.
[ 2237.200742][T25952] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2237.219703][T25952] CPU: 0 PID: 25952 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2237.229867][T25952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2237.239759][T25952] Call Trace:
[ 2237.242882][T25952]  <TASK>
[ 2237.245657][T25952]  dump_stack_lvl+0x151/0x1b7
[ 2237.250174][T25952]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2237.255640][T25952]  ? irqentry_exit+0x30/0x40
[ 2237.260078][T25952]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2237.266053][T25952]  dump_stack+0x15/0x17
[ 2237.270048][T25952]  should_fail+0x3c6/0x510
[ 2237.274298][T25952]  should_fail_alloc_page+0x5a/0x80
[ 2237.279338][T25952]  prepare_alloc_pages+0x15c/0x700
[ 2237.284284][T25952]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2237.289310][T25952]  __alloc_pages+0x18c/0x8f0
[ 2237.293734][T25952]  ? prep_new_page+0x110/0x110
[ 2237.298349][T25952]  ? __alloc_pages+0x27e/0x8f0
[ 2237.302945][T25952]  ? irqentry_exit+0x30/0x40
[ 2237.307365][T25952]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2237.313007][T25952]  pte_alloc_one+0x73/0x1b0
[ 2237.317351][T25952]  ? pfn_modify_allowed+0x2f0/0x2f0
[ 2237.322379][T25952]  ? copy_page_range+0xe6d/0x2f90
[ 2237.327238][T25952]  ? __pte_alloc+0x7e/0x350
[ 2237.331592][T25952]  __pte_alloc+0x86/0x350
[ 2237.335744][T25952]  ? irqentry_exit+0x30/0x40
[ 2237.340170][T25952]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2237.345825][T25952]  ? free_pgtables+0x280/0x280
[ 2237.350418][T25952]  copy_page_range+0x28a8/0x2f90
[ 2237.355185][T25952]  ? __kasan_slab_alloc+0xb1/0xe0
[ 2237.360046][T25952]  ? slab_post_alloc_hook+0x53/0x2c0
[ 2237.365166][T25952]  ? kernel_clone+0x21e/0x9e0
[ 2237.369677][T25952]  ? do_syscall_64+0x3d/0xb0
[ 2237.374103][T25952]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2237.380013][T25952]  ? pfn_valid+0x1e0/0x1e0
[ 2237.384275][T25952]  ? __vma_link_rb+0x4c5/0x550
[ 2237.388862][T25952]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[ 2237.394417][T25952]  ? __rb_insert_augmented+0x5de/0x610
[ 2237.399710][T25952]  copy_mm+0xc7e/0x13e0
[ 2237.403706][T25952]  ? copy_signal+0x610/0x610
[ 2237.408132][T25952]  ? __init_rwsem+0xd6/0x1c0
[ 2237.412641][T25952]  ? copy_signal+0x4e3/0x610
[ 2237.417067][T25952]  copy_process+0x1149/0x3290
[ 2237.421582][T25952]  ? timerqueue_add+0x250/0x270
[ 2237.426270][T25952]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2237.431215][T25952]  ? enqueue_hrtimer+0xca/0x240
[ 2237.435899][T25952]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2237.441110][T25952]  kernel_clone+0x21e/0x9e0
[ 2237.445449][T25952]  ? __kasan_check_write+0x14/0x20
[ 2237.450396][T25952]  ? _raw_spin_lock_irqsave+0xf9/0x210
[ 2237.455690][T25952]  ? create_io_thread+0x1e0/0x1e0
[ 2237.460551][T25952]  ? clockevents_program_event+0x22f/0x300
[ 2237.466193][T25952]  __x64_sys_clone+0x23f/0x290
[ 2237.470791][T25952]  ? __do_sys_vfork+0x130/0x130
[ 2237.475482][T25952]  ? debug_smp_processor_id+0x17/0x20
[ 2237.480685][T25952]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2237.486671][T25952]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2237.492152][T25952]  do_syscall_64+0x3d/0xb0
[ 2237.496406][T25952]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2237.502045][T25952]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2237.507786][T25952] RIP: 0033:0x7fbee4946da9
[ 2237.512033][T25952] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2237.531568][T25952] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2237.539800][T25952] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
22:40:08 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x15000000}, 0x48)

22:40:08 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x41500)

22:40:08 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 48)

22:40:08 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001600018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2237.547612][T25952] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2237.555423][T25952] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2237.563235][T25952] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2237.571046][T25952] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2237.578863][T25952]  </TASK>
22:40:08 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x16000000}, 0x48)

22:40:09 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001610018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2237.626271][T25968] FAULT_INJECTION: forcing a failure.
[ 2237.626271][T25968] name failslab, interval 1, probability 0, space 0, times 0
[ 2237.658586][T25968] CPU: 1 PID: 25968 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
22:40:09 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x0, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2237.668764][T25968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2237.678673][T25968] Call Trace:
[ 2237.681771][T25968]  <TASK>
[ 2237.684555][T25968]  dump_stack_lvl+0x151/0x1b7
[ 2237.689072][T25968]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2237.694533][T25968]  dump_stack+0x15/0x17
[ 2237.698516][T25968]  should_fail+0x3c6/0x510
[ 2237.702770][T25968]  __should_failslab+0xa4/0xe0
[ 2237.707384][T25968]  ? vm_area_dup+0x26/0x230
[ 2237.711712][T25968]  should_failslab+0x9/0x20
[ 2237.716074][T25968]  slab_pre_alloc_hook+0x37/0xd0
[ 2237.720824][T25968]  ? vm_area_dup+0x26/0x230
[ 2237.725162][T25968]  kmem_cache_alloc+0x44/0x200
[ 2237.729761][T25968]  vm_area_dup+0x26/0x230
[ 2237.733929][T25968]  copy_mm+0x9a1/0x13e0
[ 2237.737922][T25968]  ? copy_signal+0x610/0x610
[ 2237.742346][T25968]  ? __init_rwsem+0xd6/0x1c0
[ 2237.746773][T25968]  ? copy_signal+0x4e3/0x610
[ 2237.751213][T25968]  copy_process+0x1149/0x3290
[ 2237.755721][T25968]  ? timerqueue_add+0x250/0x270
[ 2237.760400][T25968]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2237.765366][T25968]  ? enqueue_hrtimer+0xca/0x240
[ 2237.770033][T25968]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2237.775246][T25968]  kernel_clone+0x21e/0x9e0
[ 2237.779582][T25968]  ? create_io_thread+0x1e0/0x1e0
[ 2237.784441][T25968]  ? clockevents_program_event+0x22f/0x300
[ 2237.790085][T25968]  __x64_sys_clone+0x23f/0x290
[ 2237.794683][T25968]  ? __do_sys_vfork+0x130/0x130
[ 2237.799375][T25968]  do_syscall_64+0x3d/0xb0
[ 2237.803622][T25968]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2237.809265][T25968]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2237.814994][T25968] RIP: 0033:0x7fbee4946da9
[ 2237.819246][T25968] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2237.838685][T25968] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2237.846929][T25968] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2237.854741][T25968] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2237.862554][T25968] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
22:40:09 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x17000000}, 0x48)

22:40:09 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x41600)

22:40:09 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001620018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:09 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x18000000}, 0x48)

22:40:09 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001630018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2237.870364][T25968] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2237.878174][T25968] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2237.885991][T25968]  </TASK>
22:40:09 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001690018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:09 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x19000000}, 0x48)

22:40:09 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1a000000}, 0x48)

22:40:09 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="18090000000000000000000000016a0018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:09 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 49)

22:40:09 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x41700)

22:40:09 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1b000000}, 0x48)

22:40:09 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1c000000}, 0x48)

22:40:09 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="18090000000000000000000000016b0018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:09 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1d000000}, 0x48)

22:40:09 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x41800)

22:40:09 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001700018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2238.071559][T26001] FAULT_INJECTION: forcing a failure.
[ 2238.071559][T26001] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2238.086848][T26001] CPU: 0 PID: 26001 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2238.097015][T26001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2238.107001][T26001] Call Trace:
[ 2238.110124][T26001]  <TASK>
[ 2238.112906][T26001]  dump_stack_lvl+0x151/0x1b7
[ 2238.117411][T26001]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2238.123397][T26001]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2238.128866][T26001]  ? __wake_up_klogd+0xd5/0x110
[ 2238.133557][T26001]  ? dump_stack+0x9/0x17
[ 2238.137632][T26001]  dump_stack+0x15/0x17
[ 2238.141626][T26001]  should_fail+0x3c6/0x510
[ 2238.145877][T26001]  should_fail_alloc_page+0x5a/0x80
[ 2238.150914][T26001]  prepare_alloc_pages+0x15c/0x700
[ 2238.155862][T26001]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2238.160889][T26001]  ? sched_clock+0x9/0x10
[ 2238.165050][T26001]  ? native_set_ldt+0x360/0x360
[ 2238.169742][T26001]  __alloc_pages+0x18c/0x8f0
[ 2238.174168][T26001]  ? prep_new_page+0x110/0x110
[ 2238.178767][T26001]  ? pte_alloc_one+0x62/0x1b0
[ 2238.183277][T26001]  pte_alloc_one+0x73/0x1b0
[ 2238.187617][T26001]  ? pfn_modify_allowed+0x2f0/0x2f0
[ 2238.192650][T26001]  __pte_alloc+0x86/0x350
[ 2238.196813][T26001]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2238.202457][T26001]  ? free_pgtables+0x280/0x280
[ 2238.207058][T26001]  ? copy_page_range+0xe6d/0x2f90
[ 2238.211921][T26001]  copy_page_range+0x28a8/0x2f90
[ 2238.216691][T26001]  ? __kasan_slab_alloc+0xb1/0xe0
[ 2238.221556][T26001]  ? pfn_valid+0x1e0/0x1e0
[ 2238.225805][T26001]  ? syscall_exit_to_user_mode+0x130/0x160
[ 2238.231448][T26001]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2238.237090][T26001]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[ 2238.242659][T26001]  ? __rb_insert_augmented+0x5de/0x610
[ 2238.247940][T26001]  copy_mm+0xc7e/0x13e0
[ 2238.251932][T26001]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2238.257571][T26001]  ? copy_signal+0x610/0x610
[ 2238.261999][T26001]  ? __init_rwsem+0xd6/0x1c0
[ 2238.266422][T26001]  ? copy_signal+0x4e3/0x610
[ 2238.270849][T26001]  copy_process+0x1149/0x3290
[ 2238.275365][T26001]  ? timerqueue_add+0x250/0x270
[ 2238.280052][T26001]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2238.284998][T26001]  ? enqueue_hrtimer+0xca/0x240
[ 2238.289684][T26001]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2238.294893][T26001]  kernel_clone+0x21e/0x9e0
[ 2238.299232][T26001]  ? create_io_thread+0x1e0/0x1e0
[ 2238.306386][T26001]  ? clockevents_program_event+0x22f/0x300
[ 2238.312016][T26001]  __x64_sys_clone+0x23f/0x290
[ 2238.316788][T26001]  ? __do_sys_vfork+0x130/0x130
[ 2238.321496][T26001]  do_syscall_64+0x3d/0xb0
[ 2238.325737][T26001]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2238.331374][T26001]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2238.337098][T26001] RIP: 0033:0x7fbee4946da9
[ 2238.341349][T26001] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2238.360789][T26001] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
22:40:09 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x41900)

22:40:09 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:09 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1e000000}, 0x48)

22:40:09 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 50)

22:40:09 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1f000000}, 0x48)

[ 2238.369122][T26001] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2238.376932][T26001] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2238.384745][T26001] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2238.392558][T26001] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2238.400367][T26001] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2238.408183][T26001]  </TASK>
22:40:09 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001710018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:09 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x20000000}, 0x48)

22:40:09 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x41a00)

22:40:09 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x21000000}, 0x48)

22:40:09 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001720018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2238.511844][T26027] FAULT_INJECTION: forcing a failure.
[ 2238.511844][T26027] name failslab, interval 1, probability 0, space 0, times 0
[ 2238.536604][T26027] CPU: 0 PID: 26027 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2238.546770][T26027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2238.556660][T26027] Call Trace:
[ 2238.559784][T26027]  <TASK>
[ 2238.562564][T26027]  dump_stack_lvl+0x151/0x1b7
[ 2238.567074][T26027]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2238.572543][T26027]  dump_stack+0x15/0x17
[ 2238.576534][T26027]  should_fail+0x3c6/0x510
[ 2238.580787][T26027]  __should_failslab+0xa4/0xe0
[ 2238.585386][T26027]  ? vm_area_dup+0x26/0x230
[ 2238.589725][T26027]  should_failslab+0x9/0x20
[ 2238.594067][T26027]  slab_pre_alloc_hook+0x37/0xd0
[ 2238.598841][T26027]  ? vm_area_dup+0x26/0x230
[ 2238.603178][T26027]  kmem_cache_alloc+0x44/0x200
[ 2238.607785][T26027]  vm_area_dup+0x26/0x230
[ 2238.611947][T26027]  copy_mm+0x9a1/0x13e0
[ 2238.615941][T26027]  ? copy_signal+0x610/0x610
[ 2238.620367][T26027]  ? __init_rwsem+0xd6/0x1c0
[ 2238.624791][T26027]  ? copy_signal+0x4e3/0x610
[ 2238.629220][T26027]  copy_process+0x1149/0x3290
[ 2238.633733][T26027]  ? irqentry_exit+0x30/0x40
[ 2238.638157][T26027]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2238.643106][T26027]  ? vfs_write+0x9ec/0x1110
[ 2238.647443][T26027]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2238.652655][T26027]  kernel_clone+0x21e/0x9e0
[ 2238.656993][T26027]  ? irqentry_exit+0x30/0x40
[ 2238.661504][T26027]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2238.667148][T26027]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2238.673137][T26027]  ? create_io_thread+0x1e0/0x1e0
[ 2238.677994][T26027]  __x64_sys_clone+0x23f/0x290
[ 2238.682596][T26027]  ? __do_sys_vfork+0x130/0x130
[ 2238.687299][T26027]  ? ksys_write+0x260/0x2c0
[ 2238.691649][T26027]  ? debug_smp_processor_id+0x17/0x20
[ 2238.696833][T26027]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2238.702732][T26027]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2238.708217][T26027]  do_syscall_64+0x3d/0xb0
[ 2238.712455][T26027]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2238.718095][T26027]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2238.723821][T26027] RIP: 0033:0x7fbee4946da9
[ 2238.728164][T26027] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2238.747603][T26027] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
22:40:10 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x22000000}, 0x48)

22:40:10 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x41b00)

22:40:10 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001730018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:10 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 51)

[ 2238.755864][T26027] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2238.763779][T26027] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2238.771616][T26027] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2238.779401][T26027] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2238.787210][T26027] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2238.795025][T26027]  </TASK>
22:40:10 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x23000000}, 0x48)

22:40:10 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001790018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2238.901457][T26047] FAULT_INJECTION: forcing a failure.
[ 2238.901457][T26047] name failslab, interval 1, probability 0, space 0, times 0
[ 2238.931408][T26047] CPU: 1 PID: 26047 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2238.941577][T26047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2238.951468][T26047] Call Trace:
[ 2238.954592][T26047]  <TASK>
[ 2238.957370][T26047]  dump_stack_lvl+0x151/0x1b7
[ 2238.961888][T26047]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2238.967354][T26047]  dump_stack+0x15/0x17
[ 2238.971341][T26047]  should_fail+0x3c6/0x510
[ 2238.975597][T26047]  __should_failslab+0xa4/0xe0
[ 2238.980196][T26047]  ? anon_vma_fork+0x1df/0x4e0
[ 2238.984795][T26047]  should_failslab+0x9/0x20
[ 2238.989135][T26047]  slab_pre_alloc_hook+0x37/0xd0
[ 2238.993911][T26047]  ? anon_vma_fork+0x1df/0x4e0
[ 2238.998508][T26047]  kmem_cache_alloc+0x44/0x200
[ 2239.003110][T26047]  anon_vma_fork+0x1df/0x4e0
[ 2239.007537][T26047]  copy_mm+0xa3a/0x13e0
[ 2239.011528][T26047]  ? copy_signal+0x610/0x610
[ 2239.015952][T26047]  ? __init_rwsem+0xd6/0x1c0
[ 2239.020384][T26047]  ? copy_signal+0x4e3/0x610
[ 2239.024804][T26047]  copy_process+0x1149/0x3290
[ 2239.029320][T26047]  ? timerqueue_add+0x250/0x270
[ 2239.034026][T26047]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2239.038958][T26047]  ? enqueue_hrtimer+0xca/0x240
[ 2239.043639][T26047]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2239.048850][T26047]  kernel_clone+0x21e/0x9e0
[ 2239.053188][T26047]  ? irqentry_exit+0x30/0x40
[ 2239.057613][T26047]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2239.063267][T26047]  ? create_io_thread+0x1e0/0x1e0
[ 2239.068124][T26047]  __x64_sys_clone+0x23f/0x290
[ 2239.072715][T26047]  ? __do_sys_vfork+0x130/0x130
[ 2239.077405][T26047]  do_syscall_64+0x3d/0xb0
[ 2239.081656][T26047]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2239.087383][T26047]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2239.093111][T26047] RIP: 0033:0x7fbee4946da9
[ 2239.097367][T26047] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2239.116809][T26047] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2239.125051][T26047] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2239.132863][T26047] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2239.140676][T26047] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
22:40:10 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:10 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="18090000000000000000000000017a0018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:10 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x54ac02a0}, 0x48)

22:40:10 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 52)

22:40:10 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x41c00)

22:40:10 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xa002ac54}, 0x48)

[ 2239.148483][T26047] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2239.156294][T26047] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2239.164109][T26047]  </TASK>
22:40:10 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="18090000000000000000000000017b0018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:10 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xa0030000}, 0x48)

22:40:10 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x41d00)

22:40:10 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001830018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2239.261668][T26062] FAULT_INJECTION: forcing a failure.
[ 2239.261668][T26062] name failslab, interval 1, probability 0, space 0, times 0
[ 2239.291005][T26062] CPU: 0 PID: 26062 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2239.301176][T26062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2239.311071][T26062] Call Trace:
[ 2239.314189][T26062]  <TASK>
[ 2239.316966][T26062]  dump_stack_lvl+0x151/0x1b7
[ 2239.321478][T26062]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2239.326960][T26062]  dump_stack+0x15/0x17
[ 2239.330943][T26062]  should_fail+0x3c6/0x510
[ 2239.335196][T26062]  __should_failslab+0xa4/0xe0
[ 2239.339790][T26062]  ? vm_area_dup+0x26/0x230
[ 2239.344133][T26062]  should_failslab+0x9/0x20
[ 2239.348585][T26062]  slab_pre_alloc_hook+0x37/0xd0
[ 2239.353345][T26062]  ? vm_area_dup+0x26/0x230
[ 2239.357683][T26062]  kmem_cache_alloc+0x44/0x200
[ 2239.362310][T26062]  vm_area_dup+0x26/0x230
[ 2239.366538][T26062]  copy_mm+0x9a1/0x13e0
[ 2239.370530][T26062]  ? irqentry_exit+0x30/0x40
[ 2239.374958][T26062]  ? copy_signal+0x610/0x610
[ 2239.379382][T26062]  ? __init_rwsem+0xd6/0x1c0
[ 2239.383808][T26062]  ? copy_signal+0x4e3/0x610
[ 2239.388233][T26062]  copy_process+0x1149/0x3290
[ 2239.392751][T26062]  ? irqentry_exit+0x30/0x40
[ 2239.397174][T26062]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2239.402122][T26062]  ? kernel_clone+0x149/0x9e0
[ 2239.406632][T26062]  ? kernel_clone+0x1af/0x9e0
[ 2239.411147][T26062]  kernel_clone+0x21e/0x9e0
[ 2239.415486][T26062]  ? create_io_thread+0x1e0/0x1e0
[ 2239.420347][T26062]  ? clockevents_program_event+0x22f/0x300
[ 2239.425992][T26062]  __x64_sys_clone+0x23f/0x290
[ 2239.430587][T26062]  ? __do_sys_vfork+0x130/0x130
[ 2239.435278][T26062]  ? __x64_sys_clone+0xc/0x290
[ 2239.439875][T26062]  do_syscall_64+0x3d/0xb0
[ 2239.444127][T26062]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2239.449768][T26062]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2239.455503][T26062] RIP: 0033:0x7fbee4946da9
[ 2239.459753][T26062] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2239.479192][T26062] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2239.487437][T26062] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2239.495249][T26062] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2239.503058][T26062] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
22:40:10 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xffffffff}, 0x48)

22:40:10 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 53)

22:40:10 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001360118120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2239.510871][T26062] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2239.518682][T26062] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2239.526497][T26062]  </TASK>
22:40:10 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x41e00)

22:40:10 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x2}, 0x48)

22:40:10 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x3}, 0x48)

[ 2239.565733][T26079] FAULT_INJECTION: forcing a failure.
[ 2239.565733][T26079] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2239.582018][T26079] CPU: 1 PID: 26079 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2239.592270][T26079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2239.602167][T26079] Call Trace:
[ 2239.605290][T26079]  <TASK>
[ 2239.608064][T26079]  dump_stack_lvl+0x151/0x1b7
[ 2239.612576][T26079]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2239.618044][T26079]  ? gfp_zone+0x7a/0x160
[ 2239.622118][T26079]  dump_stack+0x15/0x17
[ 2239.626110][T26079]  should_fail+0x3c6/0x510
[ 2239.630365][T26079]  should_fail_alloc_page+0x5a/0x80
[ 2239.635398][T26079]  prepare_alloc_pages+0x15c/0x700
[ 2239.640346][T26079]  ? __alloc_pages+0x8f0/0x8f0
[ 2239.644945][T26079]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2239.649993][T26079]  ? sched_clock+0x9/0x10
[ 2239.654150][T26079]  __alloc_pages+0x18c/0x8f0
[ 2239.658573][T26079]  ? prep_new_page+0x110/0x110
[ 2239.663172][T26079]  ? 0xffffffffa0030000
[ 2239.667163][T26079]  ? is_bpf_text_address+0x172/0x190
[ 2239.672286][T26079]  pte_alloc_one+0x73/0x1b0
[ 2239.676625][T26079]  ? pfn_modify_allowed+0x2f0/0x2f0
[ 2239.681669][T26079]  __pte_alloc+0x86/0x350
[ 2239.685825][T26079]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2239.691468][T26079]  ? free_pgtables+0x280/0x280
[ 2239.696076][T26079]  ? __kasan_check_write+0x14/0x20
[ 2239.701014][T26079]  copy_page_range+0x28a8/0x2f90
[ 2239.705787][T26079]  ? __kasan_slab_alloc+0xb1/0xe0
[ 2239.710653][T26079]  ? pfn_valid+0x1e0/0x1e0
[ 2239.714904][T26079]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[ 2239.720454][T26079]  ? __rb_insert_augmented+0x5de/0x610
[ 2239.725751][T26079]  copy_mm+0xc7e/0x13e0
[ 2239.729751][T26079]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2239.735386][T26079]  ? copy_signal+0x610/0x610
[ 2239.739809][T26079]  ? __init_rwsem+0xd6/0x1c0
[ 2239.744235][T26079]  ? copy_signal+0x4e3/0x610
[ 2239.748659][T26079]  copy_process+0x1149/0x3290
[ 2239.753178][T26079]  ? timerqueue_add+0x250/0x270
[ 2239.757863][T26079]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2239.762807][T26079]  ? enqueue_hrtimer+0xca/0x240
[ 2239.767503][T26079]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2239.772711][T26079]  kernel_clone+0x21e/0x9e0
[ 2239.777043][T26079]  ? create_io_thread+0x1e0/0x1e0
[ 2239.781904][T26079]  ? clockevents_program_event+0x22f/0x300
[ 2239.787635][T26079]  __x64_sys_clone+0x23f/0x290
[ 2239.792232][T26079]  ? __do_sys_vfork+0x130/0x130
[ 2239.796921][T26079]  ? debug_smp_processor_id+0x17/0x20
[ 2239.802124][T26079]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2239.808031][T26079]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2239.813495][T26079]  do_syscall_64+0x3d/0xb0
[ 2239.817750][T26079]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2239.823389][T26079]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2239.829118][T26079] RIP: 0033:0x7fbee4946da9
[ 2239.833374][T26079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2239.852816][T26079] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
22:40:11 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x41f00)

22:40:11 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 54)

[ 2239.861057][T26079] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2239.868867][T26079] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2239.876767][T26079] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2239.884579][T26079] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2239.892392][T26079] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2239.900208][T26079]  </TASK>
22:40:11 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001d00118120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:11 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x4}, 0x48)

22:40:11 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000318120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:11 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2239.957998][T26095] FAULT_INJECTION: forcing a failure.
[ 2239.957998][T26095] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2239.996389][T26095] CPU: 1 PID: 26095 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2240.006556][T26095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2240.016451][T26095] Call Trace:
[ 2240.019596][T26095]  <TASK>
[ 2240.022345][T26095]  dump_stack_lvl+0x151/0x1b7
[ 2240.026861][T26095]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2240.032328][T26095]  dump_stack+0x15/0x17
[ 2240.036322][T26095]  should_fail+0x3c6/0x510
[ 2240.040574][T26095]  should_fail_alloc_page+0x5a/0x80
[ 2240.045610][T26095]  prepare_alloc_pages+0x15c/0x700
[ 2240.050557][T26095]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2240.055589][T26095]  __alloc_pages+0x18c/0x8f0
[ 2240.060014][T26095]  ? prep_new_page+0x110/0x110
[ 2240.064615][T26095]  ? __alloc_pages+0x27e/0x8f0
[ 2240.069304][T26095]  ? __kasan_check_write+0x14/0x20
[ 2240.074250][T26095]  ? _raw_spin_lock+0xa4/0x1b0
[ 2240.078849][T26095]  pte_alloc_one+0x73/0x1b0
[ 2240.083187][T26095]  ? pfn_modify_allowed+0x2f0/0x2f0
[ 2240.088224][T26095]  ? __pmd_alloc+0x48d/0x550
[ 2240.092655][T26095]  __pte_alloc+0x86/0x350
[ 2240.096820][T26095]  ? __pud_alloc+0x260/0x260
[ 2240.101240][T26095]  ? __pud_alloc+0x213/0x260
[ 2240.105665][T26095]  ? free_pgtables+0x280/0x280
[ 2240.110266][T26095]  ? do_handle_mm_fault+0x2330/0x2330
[ 2240.115475][T26095]  ? copy_page_range+0x1d9/0x2f90
[ 2240.120335][T26095]  copy_page_range+0x28a8/0x2f90
[ 2240.125112][T26095]  ? __kasan_slab_alloc+0xb1/0xe0
[ 2240.129969][T26095]  ? slab_post_alloc_hook+0x53/0x2c0
[ 2240.135093][T26095]  ? kernel_clone+0x21e/0x9e0
[ 2240.139613][T26095]  ? do_syscall_64+0x3d/0xb0
[ 2240.144034][T26095]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2240.149944][T26095]  ? pfn_valid+0x1e0/0x1e0
[ 2240.154184][T26095]  ? rwsem_write_trylock+0x15b/0x290
[ 2240.159304][T26095]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[ 2240.165555][T26095]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[ 2240.171110][T26095]  ? __rb_insert_augmented+0x5de/0x610
[ 2240.176495][T26095]  copy_mm+0xc7e/0x13e0
[ 2240.180487][T26095]  ? copy_signal+0x610/0x610
[ 2240.184912][T26095]  ? __init_rwsem+0xd6/0x1c0
[ 2240.189336][T26095]  ? copy_signal+0x4e3/0x610
[ 2240.193764][T26095]  copy_process+0x1149/0x3290
[ 2240.198277][T26095]  ? timerqueue_add+0x250/0x270
[ 2240.202964][T26095]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2240.207912][T26095]  ? enqueue_hrtimer+0xca/0x240
[ 2240.212594][T26095]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2240.217805][T26095]  kernel_clone+0x21e/0x9e0
[ 2240.222244][T26095]  ? create_io_thread+0x1e0/0x1e0
[ 2240.227094][T26095]  ? clockevents_program_event+0x22f/0x300
[ 2240.232742][T26095]  __x64_sys_clone+0x23f/0x290
[ 2240.237335][T26095]  ? __do_sys_vfork+0x130/0x130
[ 2240.242024][T26095]  do_syscall_64+0x3d/0xb0
[ 2240.246272][T26095]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2240.251915][T26095]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2240.257641][T26095] RIP: 0033:0x7fbee4946da9
[ 2240.261897][T26095] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2240.281340][T26095] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2240.289586][T26095] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2240.297396][T26095] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
22:40:11 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x5}, 0x48)

22:40:11 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x42000)

22:40:11 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x6}, 0x48)

22:40:11 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001990318120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:11 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 55)

[ 2240.305205][T26095] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2240.313013][T26095] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2240.320826][T26095] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2240.328639][T26095]  </TASK>
22:40:11 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x7}, 0x48)

[ 2240.401838][T26114] FAULT_INJECTION: forcing a failure.
[ 2240.401838][T26114] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2240.416748][T26114] CPU: 1 PID: 26114 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2240.426903][T26114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2240.436795][T26114] Call Trace:
[ 2240.439919][T26114]  <TASK>
[ 2240.442698][T26114]  dump_stack_lvl+0x151/0x1b7
[ 2240.447209][T26114]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2240.452680][T26114]  dump_stack+0x15/0x17
[ 2240.456672][T26114]  should_fail+0x3c6/0x510
[ 2240.460925][T26114]  should_fail_alloc_page+0x5a/0x80
[ 2240.465956][T26114]  prepare_alloc_pages+0x15c/0x700
[ 2240.470903][T26114]  ? __alloc_pages+0x8f0/0x8f0
[ 2240.475503][T26114]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2240.480541][T26114]  __alloc_pages+0x18c/0x8f0
[ 2240.485050][T26114]  ? prep_new_page+0x110/0x110
[ 2240.489651][T26114]  ? 0xffffffffa0030000
[ 2240.493642][T26114]  ? is_bpf_text_address+0x172/0x190
[ 2240.498762][T26114]  pte_alloc_one+0x73/0x1b0
[ 2240.503132][T26114]  ? pfn_modify_allowed+0x2f0/0x2f0
[ 2240.508227][T26114]  __pte_alloc+0x86/0x350
[ 2240.512391][T26114]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2240.518376][T26114]  ? free_pgtables+0x280/0x280
[ 2240.522978][T26114]  ? __kasan_check_write+0x14/0x20
[ 2240.528022][T26114]  copy_page_range+0x28a8/0x2f90
[ 2240.532787][T26114]  ? __kasan_slab_alloc+0xb1/0xe0
[ 2240.537650][T26114]  ? pfn_valid+0x1e0/0x1e0
[ 2240.541900][T26114]  ? irqentry_exit+0x30/0x40
[ 2240.546325][T26114]  ? sysvec_call_function_single+0xb0/0xb0
[ 2240.551976][T26114]  ? vma_interval_tree_augment_rotate+0x1a3/0x1d0
[ 2240.558217][T26114]  copy_mm+0xc7e/0x13e0
[ 2240.562211][T26114]  ? copy_signal+0x610/0x610
[ 2240.566635][T26114]  ? copy_process+0x110c/0x3290
[ 2240.571323][T26114]  copy_process+0x1149/0x3290
[ 2240.575840][T26114]  ? timerqueue_add+0x250/0x270
[ 2240.580522][T26114]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2240.585470][T26114]  ? enqueue_hrtimer+0xca/0x240
[ 2240.590155][T26114]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2240.595365][T26114]  kernel_clone+0x21e/0x9e0
[ 2240.599703][T26114]  ? irqentry_exit+0x30/0x40
[ 2240.604130][T26114]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2240.609772][T26114]  ? create_io_thread+0x1e0/0x1e0
[ 2240.614632][T26114]  __x64_sys_clone+0x23f/0x290
[ 2240.619239][T26114]  ? __do_sys_vfork+0x130/0x130
[ 2240.624034][T26114]  ? debug_smp_processor_id+0x17/0x20
[ 2240.629226][T26114]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2240.635135][T26114]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2240.640595][T26114]  do_syscall_64+0x3d/0xb0
[ 2240.644845][T26114]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2240.650488][T26114]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2240.656239][T26114] RIP: 0033:0x7fbee4946da9
[ 2240.660476][T26114] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2240.680001][T26114] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2240.688339][T26114] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
22:40:12 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001d90318120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:12 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x8}, 0x48)

22:40:12 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x42100)

22:40:12 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 56)

22:40:12 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x9}, 0x48)

[ 2240.696227][T26114] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2240.704041][T26114] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2240.711934][T26114] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2240.719747][T26114] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2240.727564][T26114]  </TASK>
22:40:12 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xa}, 0x48)

[ 2240.792116][T26128] FAULT_INJECTION: forcing a failure.
[ 2240.792116][T26128] name failslab, interval 1, probability 0, space 0, times 0
[ 2240.807291][T26128] CPU: 1 PID: 26128 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2240.817454][T26128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2240.827355][T26128] Call Trace:
[ 2240.830476][T26128]  <TASK>
[ 2240.833249][T26128]  dump_stack_lvl+0x151/0x1b7
[ 2240.837768][T26128]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2240.843234][T26128]  dump_stack+0x15/0x17
[ 2240.847218][T26128]  should_fail+0x3c6/0x510
[ 2240.851471][T26128]  __should_failslab+0xa4/0xe0
[ 2240.856071][T26128]  ? vm_area_dup+0x26/0x230
[ 2240.860410][T26128]  should_failslab+0x9/0x20
[ 2240.864755][T26128]  slab_pre_alloc_hook+0x37/0xd0
[ 2240.869543][T26128]  ? vm_area_dup+0x26/0x230
[ 2240.873865][T26128]  kmem_cache_alloc+0x44/0x200
[ 2240.878465][T26128]  vm_area_dup+0x26/0x230
[ 2240.882719][T26128]  copy_mm+0x9a1/0x13e0
[ 2240.886729][T26128]  ? copy_signal+0x610/0x610
[ 2240.891138][T26128]  ? __init_rwsem+0xd6/0x1c0
[ 2240.895563][T26128]  ? copy_signal+0x4e3/0x610
[ 2240.899990][T26128]  copy_process+0x1149/0x3290
[ 2240.904514][T26128]  ? irqentry_exit+0x30/0x40
[ 2240.908949][T26128]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2240.913967][T26128]  ? kernel_clone+0x149/0x9e0
[ 2240.918474][T26128]  ? kernel_clone+0x1af/0x9e0
[ 2240.922992][T26128]  kernel_clone+0x21e/0x9e0
[ 2240.927336][T26128]  ? create_io_thread+0x1e0/0x1e0
[ 2240.932191][T26128]  ? clockevents_program_event+0x22f/0x300
[ 2240.937918][T26128]  __x64_sys_clone+0x23f/0x290
[ 2240.942518][T26128]  ? __do_sys_vfork+0x130/0x130
[ 2240.947379][T26128]  ? debug_smp_processor_id+0x17/0x20
[ 2240.952585][T26128]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2240.958488][T26128]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2240.963957][T26128]  do_syscall_64+0x3d/0xb0
[ 2240.968207][T26128]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2240.973851][T26128]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2240.979577][T26128] RIP: 0033:0x7fbee4946da9
[ 2240.983834][T26128] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2241.003281][T26128] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2241.011515][T26128] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2241.019328][T26128] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2241.027138][T26128] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2241.034949][T26128] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
22:40:12 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x42200)

22:40:12 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000518120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2241.042760][T26128] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2241.050876][T26128]  </TASK>
22:40:12 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xb}, 0x48)

22:40:12 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000618120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:12 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xc}, 0x48)

22:40:12 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 57)

22:40:12 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000718120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:12 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x42300)

22:40:12 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:12 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000918120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:12 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xd}, 0x48)

[ 2241.210742][T26149] FAULT_INJECTION: forcing a failure.
[ 2241.210742][T26149] name failslab, interval 1, probability 0, space 0, times 0
[ 2241.253903][T26149] CPU: 0 PID: 26149 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2241.264081][T26149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2241.273969][T26149] Call Trace:
[ 2241.277094][T26149]  <TASK>
[ 2241.279900][T26149]  dump_stack_lvl+0x151/0x1b7
[ 2241.284384][T26149]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2241.290028][T26149]  dump_stack+0x15/0x17
[ 2241.294020][T26149]  should_fail+0x3c6/0x510
[ 2241.298269][T26149]  __should_failslab+0xa4/0xe0
[ 2241.302873][T26149]  ? vm_area_dup+0x26/0x230
[ 2241.307227][T26149]  should_failslab+0x9/0x20
[ 2241.311685][T26149]  slab_pre_alloc_hook+0x37/0xd0
[ 2241.316436][T26149]  ? vm_area_dup+0x26/0x230
[ 2241.320770][T26149]  kmem_cache_alloc+0x44/0x200
[ 2241.325373][T26149]  vm_area_dup+0x26/0x230
[ 2241.329537][T26149]  copy_mm+0x9a1/0x13e0
[ 2241.333533][T26149]  ? copy_signal+0x610/0x610
[ 2241.337953][T26149]  ? __init_rwsem+0xd6/0x1c0
[ 2241.342392][T26149]  ? copy_signal+0x4e3/0x610
[ 2241.346809][T26149]  copy_process+0x1149/0x3290
[ 2241.351328][T26149]  ? timerqueue_add+0x250/0x270
[ 2241.356015][T26149]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2241.360955][T26149]  ? enqueue_hrtimer+0xca/0x240
[ 2241.365641][T26149]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2241.370852][T26149]  kernel_clone+0x21e/0x9e0
[ 2241.375189][T26149]  ? create_io_thread+0x1e0/0x1e0
[ 2241.380052][T26149]  ? clockevents_program_event+0x22f/0x300
[ 2241.385694][T26149]  __x64_sys_clone+0x23f/0x290
[ 2241.390378][T26149]  ? __do_sys_vfork+0x130/0x130
[ 2241.395069][T26149]  ? syscall_enter_from_user_mode+0x19/0x1b0
[ 2241.400884][T26149]  do_syscall_64+0x3d/0xb0
[ 2241.405131][T26149]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2241.410777][T26149]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2241.416509][T26149] RIP: 0033:0x7fbee4946da9
[ 2241.420757][T26149] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2241.440198][T26149] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
22:40:12 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xe}, 0x48)

22:40:12 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xf}, 0x48)

22:40:12 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x42400)

22:40:12 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x10}, 0x48)

[ 2241.448441][T26149] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2241.456255][T26149] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2241.465021][T26149] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2241.472830][T26149] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2241.480731][T26149] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2241.488631][T26149]  </TASK>
22:40:12 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 58)

22:40:12 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000a18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:12 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x11}, 0x48)

22:40:12 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x42500)

22:40:12 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x12}, 0x48)

22:40:12 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000c18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:12 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x13}, 0x48)

22:40:12 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x14}, 0x48)

22:40:13 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x15}, 0x48)

22:40:13 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2241.660193][T26169] FAULT_INJECTION: forcing a failure.
[ 2241.660193][T26169] name failslab, interval 1, probability 0, space 0, times 0
[ 2241.682082][T26169] CPU: 0 PID: 26169 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2241.692250][T26169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2241.702245][T26169] Call Trace:
[ 2241.705358][T26169]  <TASK>
[ 2241.708133][T26169]  dump_stack_lvl+0x151/0x1b7
[ 2241.712651][T26169]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2241.718118][T26169]  dump_stack+0x15/0x17
[ 2241.722103][T26169]  should_fail+0x3c6/0x510
[ 2241.726357][T26169]  __should_failslab+0xa4/0xe0
[ 2241.730955][T26169]  ? vm_area_dup+0x26/0x230
[ 2241.735380][T26169]  should_failslab+0x9/0x20
[ 2241.739719][T26169]  slab_pre_alloc_hook+0x37/0xd0
[ 2241.744495][T26169]  ? vm_area_dup+0x26/0x230
[ 2241.748838][T26169]  kmem_cache_alloc+0x44/0x200
[ 2241.753433][T26169]  vm_area_dup+0x26/0x230
[ 2241.757601][T26169]  copy_mm+0x9a1/0x13e0
[ 2241.761594][T26169]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 2241.767587][T26169]  ? copy_signal+0x610/0x610
[ 2241.772006][T26169]  ? copy_process+0x110c/0x3290
[ 2241.776699][T26169]  copy_process+0x1149/0x3290
[ 2241.781210][T26169]  ? _raw_spin_unlock+0x4d/0x70
[ 2241.785893][T26169]  ? perf_event_context_sched_in+0x4ea/0x5e0
[ 2241.791709][T26169]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2241.796657][T26169]  ? __perf_event_task_sched_in+0x219/0x2a0
[ 2241.802392][T26169]  kernel_clone+0x21e/0x9e0
[ 2241.806730][T26169]  ? create_io_thread+0x1e0/0x1e0
[ 2241.811585][T26169]  ? finish_task_switch+0x167/0x7b0
[ 2241.816629][T26169]  __x64_sys_clone+0x23f/0x290
[ 2241.821222][T26169]  ? __do_sys_vfork+0x130/0x130
[ 2241.825906][T26169]  ? switch_fpu_return+0x1ed/0x3d0
[ 2241.830854][T26169]  ? __kasan_check_read+0x11/0x20
[ 2241.835719][T26169]  ? exit_to_user_mode_prepare+0x7e/0xa0
[ 2241.841269][T26169]  do_syscall_64+0x3d/0xb0
[ 2241.845526][T26169]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2241.851161][T26169]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2241.856890][T26169] RIP: 0033:0x7fbee4946da9
[ 2241.861147][T26169] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2241.880585][T26169] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2241.888828][T26169] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2241.896643][T26169] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
22:40:13 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000e18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:13 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x42600)

22:40:13 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x16}, 0x48)

22:40:13 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000f18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2241.904550][T26169] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2241.912361][T26169] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2241.920171][T26169] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2241.927988][T26169]  </TASK>
22:40:13 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x17}, 0x48)

22:40:13 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001001818120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:13 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x42700)

22:40:13 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x18}, 0x48)

22:40:13 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001001f18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:13 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 59)

22:40:13 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x19}, 0x48)

22:40:13 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1a}, 0x48)

22:40:13 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:13 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001002018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:13 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1b}, 0x48)

22:40:13 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x42800)

22:40:13 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1c}, 0x48)

22:40:13 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1d}, 0x48)

22:40:13 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001013618120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2242.156381][T26208] FAULT_INJECTION: forcing a failure.
[ 2242.156381][T26208] name failslab, interval 1, probability 0, space 0, times 0
[ 2242.184525][T26208] CPU: 0 PID: 26208 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2242.194792][T26208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2242.204699][T26208] Call Trace:
[ 2242.207807][T26208]  <TASK>
[ 2242.210586][T26208]  dump_stack_lvl+0x151/0x1b7
[ 2242.215306][T26208]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2242.220772][T26208]  ? _printk+0xc/0x111
[ 2242.224737][T26208]  dump_stack+0x15/0x17
[ 2242.228670][T26208]  should_fail+0x3c6/0x510
[ 2242.232925][T26208]  __should_failslab+0xa4/0xe0
[ 2242.237613][T26208]  ? vm_area_dup+0x26/0x230
[ 2242.241962][T26208]  should_failslab+0x9/0x20
[ 2242.246295][T26208]  slab_pre_alloc_hook+0x37/0xd0
[ 2242.251061][T26208]  ? vm_area_dup+0x26/0x230
[ 2242.255406][T26208]  kmem_cache_alloc+0x44/0x200
[ 2242.260000][T26208]  vm_area_dup+0x26/0x230
[ 2242.264162][T26208]  copy_mm+0x9a1/0x13e0
[ 2242.268171][T26208]  ? copy_signal+0x610/0x610
[ 2242.272591][T26208]  ? __init_rwsem+0xd6/0x1c0
[ 2242.277017][T26208]  ? copy_signal+0x4e3/0x610
[ 2242.281434][T26208]  copy_process+0x1149/0x3290
[ 2242.285949][T26208]  ? timerqueue_add+0x250/0x270
[ 2242.290633][T26208]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2242.295577][T26208]  ? enqueue_hrtimer+0xca/0x240
[ 2242.300351][T26208]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2242.305565][T26208]  kernel_clone+0x21e/0x9e0
[ 2242.309902][T26208]  ? create_io_thread+0x1e0/0x1e0
[ 2242.314764][T26208]  ? clockevents_program_event+0x22f/0x300
[ 2242.320399][T26208]  __x64_sys_clone+0x23f/0x290
[ 2242.325018][T26208]  ? __do_sys_vfork+0x130/0x130
[ 2242.329689][T26208]  ? syscall_enter_from_user_mode+0x19/0x1b0
[ 2242.335633][T26208]  do_syscall_64+0x3d/0xb0
[ 2242.339961][T26208]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2242.345618][T26208]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2242.351328][T26208] RIP: 0033:0x7fbee4946da9
[ 2242.355584][T26208] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2242.375033][T26208] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2242.383267][T26208] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2242.391078][T26208] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2242.398907][T26208] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
22:40:13 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1e}, 0x48)

22:40:13 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r1, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], 0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:13 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001003c18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2242.406704][T26208] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2242.414603][T26208] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2242.422420][T26208]  </TASK>
22:40:13 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x21}, 0x48)

22:40:13 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x42900)

22:40:13 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001003f18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:13 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x22}, 0x48)

22:40:13 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 60)

22:40:13 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x23}, 0x48)

22:40:13 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001004018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:13 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x300}, 0x48)

22:40:13 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x42a00)

22:40:13 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x3a0}, 0x48)

22:40:13 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001004b18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:13 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x500}, 0x48)

22:40:14 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001006018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2242.635563][T26250] FAULT_INJECTION: forcing a failure.
[ 2242.635563][T26250] name failslab, interval 1, probability 0, space 0, times 0
[ 2242.659220][T26250] CPU: 0 PID: 26250 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2242.669391][T26250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2242.679287][T26250] Call Trace:
[ 2242.682408][T26250]  <TASK>
22:40:14 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r1, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], 0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2242.685185][T26250]  dump_stack_lvl+0x151/0x1b7
[ 2242.689705][T26250]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2242.695257][T26250]  dump_stack+0x15/0x17
[ 2242.699247][T26250]  should_fail+0x3c6/0x510
[ 2242.703503][T26250]  __should_failslab+0xa4/0xe0
[ 2242.708104][T26250]  ? vm_area_dup+0x26/0x230
[ 2242.712442][T26250]  should_failslab+0x9/0x20
[ 2242.716779][T26250]  slab_pre_alloc_hook+0x37/0xd0
[ 2242.721555][T26250]  ? vm_area_dup+0x26/0x230
[ 2242.725891][T26250]  kmem_cache_alloc+0x44/0x200
[ 2242.730494][T26250]  vm_area_dup+0x26/0x230
[ 2242.734657][T26250]  copy_mm+0x9a1/0x13e0
[ 2242.738658][T26250]  ? copy_signal+0x610/0x610
[ 2242.743081][T26250]  ? __init_rwsem+0xd6/0x1c0
[ 2242.747512][T26250]  ? copy_signal+0x4e3/0x610
[ 2242.751929][T26250]  copy_process+0x1149/0x3290
[ 2242.756448][T26250]  ? irqentry_exit+0x30/0x40
[ 2242.760874][T26250]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2242.765817][T26250]  ? kernel_clone+0xcd/0x9e0
[ 2242.770244][T26250]  kernel_clone+0x21e/0x9e0
[ 2242.774578][T26250]  ? irqentry_exit+0x30/0x40
[ 2242.779003][T26250]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2242.784647][T26250]  ? create_io_thread+0x1e0/0x1e0
[ 2242.789507][T26250]  __x64_sys_clone+0x23f/0x290
[ 2242.794118][T26250]  ? __do_sys_vfork+0x130/0x130
[ 2242.798816][T26250]  do_syscall_64+0x3d/0xb0
[ 2242.803047][T26250]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2242.808687][T26250]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2242.814420][T26250] RIP: 0033:0x7fbee4946da9
[ 2242.818672][T26250] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2242.838111][T26250] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2242.846354][T26250] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2242.854166][T26250] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2242.861976][T26250] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2242.869789][T26250] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2242.877773][T26250] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
22:40:14 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x42b00)

22:40:14 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x600}, 0x48)

[ 2242.885586][T26250]  </TASK>
22:40:14 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x700}, 0x48)

22:40:14 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r1, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], 0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:14 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x42c00)

22:40:14 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x900}, 0x48)

22:40:14 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xa00}, 0x48)

22:40:14 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 61)

22:40:14 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001006118120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:14 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xb00}, 0x48)

22:40:14 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001006218120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:14 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x42d00)

22:40:14 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001006318120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:14 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xc00}, 0x48)

[ 2243.157428][T26287] FAULT_INJECTION: forcing a failure.
[ 2243.157428][T26287] name failslab, interval 1, probability 0, space 0, times 0
[ 2243.181544][T26287] CPU: 0 PID: 26287 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2243.191740][T26287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2243.201599][T26287] Call Trace:
[ 2243.204722][T26287]  <TASK>
[ 2243.207500][T26287]  dump_stack_lvl+0x151/0x1b7
[ 2243.212013][T26287]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2243.217482][T26287]  ? irqentry_exit+0x30/0x40
[ 2243.221922][T26287]  dump_stack+0x15/0x17
[ 2243.225900][T26287]  should_fail+0x3c6/0x510
[ 2243.230163][T26287]  __should_failslab+0xa4/0xe0
[ 2243.234756][T26287]  ? anon_vma_clone+0x9a/0x500
[ 2243.239350][T26287]  should_failslab+0x9/0x20
[ 2243.243690][T26287]  slab_pre_alloc_hook+0x37/0xd0
[ 2243.248465][T26287]  ? anon_vma_clone+0x9a/0x500
[ 2243.253063][T26287]  kmem_cache_alloc+0x44/0x200
[ 2243.257664][T26287]  anon_vma_clone+0x9a/0x500
[ 2243.262106][T26287]  anon_vma_fork+0x91/0x4e0
[ 2243.266520][T26287]  ? anon_vma_name+0x43/0x70
[ 2243.270945][T26287]  ? vm_area_dup+0x17a/0x230
[ 2243.275368][T26287]  copy_mm+0xa3a/0x13e0
[ 2243.279473][T26287]  ? copy_signal+0x610/0x610
[ 2243.283878][T26287]  ? __init_rwsem+0xd6/0x1c0
[ 2243.288303][T26287]  ? copy_signal+0x4e3/0x610
[ 2243.292732][T26287]  copy_process+0x1149/0x3290
[ 2243.297242][T26287]  ? proc_fail_nth_write+0x20b/0x290
[ 2243.302362][T26287]  ? fsnotify_perm+0x6a/0x5d0
[ 2243.306875][T26287]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2243.311842][T26287]  ? vfs_write+0x9ec/0x1110
[ 2243.316165][T26287]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2243.321369][T26287]  kernel_clone+0x21e/0x9e0
[ 2243.325711][T26287]  ? file_end_write+0x1c0/0x1c0
[ 2243.330397][T26287]  ? create_io_thread+0x1e0/0x1e0
[ 2243.335255][T26287]  ? mutex_unlock+0xb2/0x260
[ 2243.339818][T26287]  ? __mutex_lock_slowpath+0x10/0x10
[ 2243.345013][T26287]  __x64_sys_clone+0x23f/0x290
[ 2243.349611][T26287]  ? __do_sys_vfork+0x130/0x130
[ 2243.354301][T26287]  do_syscall_64+0x3d/0xb0
[ 2243.358550][T26287]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2243.364200][T26287]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2243.370006][T26287] RIP: 0033:0x7fbee4946da9
[ 2243.374260][T26287] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2243.393789][T26287] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
22:40:14 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x0, 0x0, &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:14 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xd00}, 0x48)

22:40:14 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xe00}, 0x48)

[ 2243.402031][T26287] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2243.409845][T26287] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2243.417655][T26287] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2243.425473][T26287] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2243.433277][T26287] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2243.441096][T26287]  </TASK>
22:40:14 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xf00}, 0x48)

22:40:14 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x42e00)

22:40:14 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1100}, 0x48)

22:40:14 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001006918120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:14 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1200}, 0x48)

22:40:14 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1300}, 0x48)

22:40:14 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x42f00)

22:40:14 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001006a18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:14 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1400}, 0x48)

22:40:15 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001006b18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:15 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001007018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:15 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1500}, 0x48)

22:40:15 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001007118120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:15 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1600}, 0x48)

22:40:15 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x43000)

22:40:15 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001007218120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:15 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x0, 0x0, &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:15 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1700}, 0x48)

22:40:15 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1800}, 0x48)

22:40:15 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001007318120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:15 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 62)

[ 2243.838283][T26349] FAULT_INJECTION: forcing a failure.
[ 2243.838283][T26349] name failslab, interval 1, probability 0, space 0, times 0
[ 2243.859493][T26349] CPU: 1 PID: 26349 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2243.869668][T26349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2243.879564][T26349] Call Trace:
[ 2243.882691][T26349]  <TASK>
22:40:15 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x43100)

22:40:15 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1900}, 0x48)

[ 2243.885468][T26349]  dump_stack_lvl+0x151/0x1b7
[ 2243.889976][T26349]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2243.895449][T26349]  dump_stack+0x15/0x17
[ 2243.899441][T26349]  should_fail+0x3c6/0x510
[ 2243.903716][T26349]  __should_failslab+0xa4/0xe0
[ 2243.908289][T26349]  ? vm_area_dup+0x26/0x230
[ 2243.912631][T26349]  should_failslab+0x9/0x20
[ 2243.916969][T26349]  slab_pre_alloc_hook+0x37/0xd0
[ 2243.921797][T26349]  ? vm_area_dup+0x26/0x230
[ 2243.926082][T26349]  kmem_cache_alloc+0x44/0x200
[ 2243.930683][T26349]  vm_area_dup+0x26/0x230
[ 2243.934853][T26349]  copy_mm+0x9a1/0x13e0
[ 2243.938837][T26349]  ? copy_signal+0x610/0x610
[ 2243.943260][T26349]  ? __init_rwsem+0xd6/0x1c0
[ 2243.947687][T26349]  ? copy_signal+0x4e3/0x610
[ 2243.952115][T26349]  copy_process+0x1149/0x3290
[ 2243.956629][T26349]  ? proc_fail_nth_write+0x20b/0x290
[ 2243.961749][T26349]  ? fsnotify_perm+0x6a/0x5d0
[ 2243.966264][T26349]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2243.971211][T26349]  ? vfs_write+0x9ec/0x1110
[ 2243.975635][T26349]  ? irqentry_exit+0x30/0x40
[ 2243.980062][T26349]  kernel_clone+0x21e/0x9e0
[ 2243.984401][T26349]  ? file_end_write+0x1c0/0x1c0
[ 2243.989090][T26349]  ? create_io_thread+0x1e0/0x1e0
[ 2243.993962][T26349]  ? mutex_unlock+0xb2/0x260
[ 2243.998374][T26349]  ? __mutex_lock_slowpath+0x10/0x10
[ 2244.003497][T26349]  __x64_sys_clone+0x23f/0x290
[ 2244.008098][T26349]  ? __do_sys_vfork+0x130/0x130
[ 2244.012780][T26349]  ? ksys_write+0x260/0x2c0
[ 2244.017132][T26349]  ? debug_smp_processor_id+0x17/0x20
[ 2244.022328][T26349]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2244.028231][T26349]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2244.033697][T26349]  do_syscall_64+0x3d/0xb0
[ 2244.037951][T26349]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2244.043684][T26349]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2244.049410][T26349] RIP: 0033:0x7fbee4946da9
[ 2244.053662][T26349] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2244.073110][T26349] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2244.081349][T26349] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
22:40:15 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1a00}, 0x48)

22:40:15 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001007918120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:15 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x0, 0x0, &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:15 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x43200)

22:40:15 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 63)

[ 2244.089159][T26349] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2244.096970][T26349] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2244.104834][T26349] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2244.112686][T26349] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2244.120496][T26349]  </TASK>
22:40:15 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001007a18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:15 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1b00}, 0x48)

[ 2244.217165][T26367] FAULT_INJECTION: forcing a failure.
[ 2244.217165][T26367] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2244.230975][T26367] CPU: 0 PID: 26367 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2244.241125][T26367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2244.251022][T26367] Call Trace:
[ 2244.254143][T26367]  <TASK>
[ 2244.256922][T26367]  dump_stack_lvl+0x151/0x1b7
[ 2244.261438][T26367]  ? io_uring_drop_tctx_refs+0x190/0x190
22:40:15 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1c00}, 0x48)

22:40:15 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1d00}, 0x48)

22:40:15 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1e00}, 0x48)

[ 2244.266905][T26367]  dump_stack+0x15/0x17
[ 2244.270894][T26367]  should_fail+0x3c6/0x510
[ 2244.275145][T26367]  should_fail_alloc_page+0x5a/0x80
[ 2244.280183][T26367]  prepare_alloc_pages+0x15c/0x700
[ 2244.285142][T26367]  ? __alloc_pages+0x8f0/0x8f0
[ 2244.289733][T26367]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2244.294765][T26367]  __alloc_pages+0x18c/0x8f0
[ 2244.299189][T26367]  ? prep_new_page+0x110/0x110
[ 2244.303792][T26367]  ? 0xffffffffa0030000
[ 2244.307784][T26367]  ? is_bpf_text_address+0x172/0x190
[ 2244.312906][T26367]  pte_alloc_one+0x73/0x1b0
[ 2244.317244][T26367]  ? pfn_modify_allowed+0x2f0/0x2f0
[ 2244.322275][T26367]  __pte_alloc+0x86/0x350
[ 2244.326440][T26367]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2244.332086][T26367]  ? free_pgtables+0x280/0x280
[ 2244.336680][T26367]  ? copy_page_range+0x27d0/0x2f90
[ 2244.341626][T26367]  ? copy_page_range+0xd0e/0x2f90
[ 2244.346486][T26367]  copy_page_range+0x28a8/0x2f90
[ 2244.351258][T26367]  ? __kasan_slab_alloc+0xb1/0xe0
[ 2244.356123][T26367]  ? pfn_valid+0x1e0/0x1e0
[ 2244.360370][T26367]  ? irqentry_exit+0x30/0x40
[ 2244.364797][T26367]  ? sysvec_call_function_single+0xb0/0xb0
[ 2244.370439][T26367]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[ 2244.376004][T26367]  ? __rb_insert_augmented+0x5de/0x610
[ 2244.381308][T26367]  copy_mm+0xc7e/0x13e0
[ 2244.385281][T26367]  ? irqentry_exit+0x30/0x40
[ 2244.389709][T26367]  ? copy_signal+0x610/0x610
[ 2244.394133][T26367]  ? __init_rwsem+0xd6/0x1c0
[ 2244.398559][T26367]  ? copy_signal+0x4e3/0x610
[ 2244.402991][T26367]  copy_process+0x1149/0x3290
[ 2244.407503][T26367]  ? timerqueue_add+0x250/0x270
[ 2244.412187][T26367]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2244.417133][T26367]  ? enqueue_hrtimer+0xca/0x240
[ 2244.421822][T26367]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2244.427029][T26367]  kernel_clone+0x21e/0x9e0
[ 2244.431368][T26367]  ? create_io_thread+0x1e0/0x1e0
[ 2244.436229][T26367]  ? clockevents_program_event+0x22f/0x300
[ 2244.441871][T26367]  __x64_sys_clone+0x23f/0x290
[ 2244.446556][T26367]  ? __do_sys_vfork+0x130/0x130
[ 2244.451244][T26367]  ? debug_smp_processor_id+0x17/0x20
[ 2244.456451][T26367]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2244.462352][T26367]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2244.467820][T26367]  do_syscall_64+0x3d/0xb0
[ 2244.472161][T26367]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2244.477803][T26367]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2244.483533][T26367] RIP: 0033:0x7fbee4946da9
[ 2244.487788][T26367] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2244.507226][T26367] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
22:40:15 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1f00}, 0x48)

22:40:15 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x43300)

22:40:15 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x2000}, 0x48)

22:40:15 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2244.515471][T26367] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2244.523280][T26367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2244.531093][T26367] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2244.538906][T26367] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2244.546714][T26367] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2244.554532][T26367]  </TASK>
22:40:15 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001007b18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:15 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 64)

22:40:15 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x2100}, 0x48)

22:40:16 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x2200}, 0x48)

22:40:16 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001008318120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:16 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x43400)

[ 2244.664789][T26392] FAULT_INJECTION: forcing a failure.
[ 2244.664789][T26392] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2244.696318][T26392] CPU: 0 PID: 26392 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2244.706485][T26392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2244.716479][T26392] Call Trace:
[ 2244.719600][T26392]  <TASK>
[ 2244.722383][T26392]  dump_stack_lvl+0x151/0x1b7
[ 2244.726887][T26392]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2244.732352][T26392]  ? irqentry_exit+0x30/0x40
[ 2244.736782][T26392]  dump_stack+0x15/0x17
[ 2244.740772][T26392]  should_fail+0x3c6/0x510
[ 2244.745030][T26392]  should_fail_alloc_page+0x5a/0x80
[ 2244.750060][T26392]  prepare_alloc_pages+0x15c/0x700
[ 2244.755018][T26392]  ? __alloc_pages+0x8f0/0x8f0
[ 2244.759610][T26392]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2244.764645][T26392]  ? finish_task_switch+0x207/0x7b0
[ 2244.769682][T26392]  __alloc_pages+0x18c/0x8f0
[ 2244.774103][T26392]  ? prep_new_page+0x110/0x110
[ 2244.778700][T26392]  ? is_bpf_text_address+0x11f/0x190
[ 2244.783852][T26392]  ? is_bpf_text_address+0x172/0x190
[ 2244.788944][T26392]  pte_alloc_one+0x73/0x1b0
[ 2244.793281][T26392]  ? pfn_modify_allowed+0x2f0/0x2f0
[ 2244.798316][T26392]  __pte_alloc+0x86/0x350
[ 2244.802481][T26392]  ? irqentry_exit+0x30/0x40
[ 2244.806908][T26392]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2244.812674][T26392]  ? free_pgtables+0x280/0x280
[ 2244.817241][T26392]  ? __kasan_check_write+0x14/0x20
[ 2244.822184][T26392]  copy_page_range+0x28a8/0x2f90
[ 2244.826957][T26392]  ? __kasan_slab_alloc+0xb1/0xe0
[ 2244.831824][T26392]  ? pfn_valid+0x1e0/0x1e0
[ 2244.836071][T26392]  ? irqentry_exit+0x30/0x40
[ 2244.840501][T26392]  ? sysvec_call_function_single+0xb0/0xb0
[ 2244.846140][T26392]  ? vma_gap_callbacks_rotate+0x1b7/0x210
[ 2244.851698][T26392]  ? __rb_insert_augmented+0x5de/0x610
[ 2244.856990][T26392]  copy_mm+0xc7e/0x13e0
[ 2244.860983][T26392]  ? copy_signal+0x610/0x610
[ 2244.865407][T26392]  ? __init_rwsem+0xd6/0x1c0
[ 2244.869834][T26392]  ? copy_signal+0x4e3/0x610
[ 2244.874260][T26392]  copy_process+0x1149/0x3290
[ 2244.878785][T26392]  ? timerqueue_add+0x250/0x270
[ 2244.883462][T26392]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2244.888410][T26392]  ? enqueue_hrtimer+0xca/0x240
[ 2244.893093][T26392]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2244.898302][T26392]  kernel_clone+0x21e/0x9e0
[ 2244.902728][T26392]  ? irqentry_exit+0x30/0x40
[ 2244.907153][T26392]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2244.912795][T26392]  ? create_io_thread+0x1e0/0x1e0
[ 2244.917658][T26392]  __x64_sys_clone+0x23f/0x290
[ 2244.922260][T26392]  ? __do_sys_vfork+0x130/0x130
[ 2244.926942][T26392]  ? debug_smp_processor_id+0x17/0x20
[ 2244.932151][T26392]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2244.938051][T26392]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2244.943518][T26392]  do_syscall_64+0x3d/0xb0
[ 2244.947773][T26392]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2244.953419][T26392]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2244.959143][T26392] RIP: 0033:0x7fbee4946da9
[ 2244.963397][T26392] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2244.982839][T26392] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2244.991080][T26392] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2244.998954][T26392] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2245.006705][T26392] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
22:40:16 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x2300}, 0x48)

[ 2245.014524][T26392] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2245.022352][T26392] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2245.030142][T26392]  </TASK>
22:40:16 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1000000}, 0x48)

22:40:16 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001039918120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:16 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x43500)

22:40:16 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:16 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000000000101d018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:16 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x2000000}, 0x48)

22:40:16 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 65)

22:40:16 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x3000000}, 0x48)

22:40:16 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000000000103d918120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:16 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000000000100ff18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:16 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x4000000}, 0x48)

[ 2245.168532][T26424] FAULT_INJECTION: forcing a failure.
[ 2245.168532][T26424] name failslab, interval 1, probability 0, space 0, times 0
[ 2245.181785][T26424] CPU: 1 PID: 26424 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2245.191942][T26424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2245.201853][T26424] Call Trace:
[ 2245.205137][T26424]  <TASK>
[ 2245.207908][T26424]  dump_stack_lvl+0x151/0x1b7
[ 2245.212424][T26424]  ? io_uring_drop_tctx_refs+0x190/0x190
22:40:16 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2245.217896][T26424]  dump_stack+0x15/0x17
[ 2245.221881][T26424]  should_fail+0x3c6/0x510
[ 2245.226235][T26424]  __should_failslab+0xa4/0xe0
[ 2245.230824][T26424]  ? anon_vma_fork+0x1df/0x4e0
[ 2245.235422][T26424]  should_failslab+0x9/0x20
[ 2245.239762][T26424]  slab_pre_alloc_hook+0x37/0xd0
[ 2245.244537][T26424]  ? anon_vma_fork+0x1df/0x4e0
[ 2245.249130][T26424]  kmem_cache_alloc+0x44/0x200
[ 2245.253730][T26424]  anon_vma_fork+0x1df/0x4e0
[ 2245.258157][T26424]  copy_mm+0xa3a/0x13e0
[ 2245.262150][T26424]  ? copy_signal+0x610/0x610
[ 2245.266662][T26424]  ? __init_rwsem+0xd6/0x1c0
[ 2245.271086][T26424]  ? copy_signal+0x4e3/0x610
[ 2245.275515][T26424]  copy_process+0x1149/0x3290
[ 2245.280039][T26424]  ? timerqueue_add+0x250/0x270
[ 2245.284716][T26424]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2245.289663][T26424]  ? enqueue_hrtimer+0xca/0x240
[ 2245.294353][T26424]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2245.299557][T26424]  kernel_clone+0x21e/0x9e0
[ 2245.303896][T26424]  ? create_io_thread+0x1e0/0x1e0
[ 2245.308755][T26424]  ? clockevents_program_event+0x22f/0x300
[ 2245.314407][T26424]  __x64_sys_clone+0x23f/0x290
[ 2245.319006][T26424]  ? __do_sys_vfork+0x130/0x130
[ 2245.323686][T26424]  ? debug_smp_processor_id+0x17/0x20
[ 2245.328893][T26424]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2245.334800][T26424]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2245.340261][T26424]  do_syscall_64+0x3d/0xb0
[ 2245.344516][T26424]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2245.350157][T26424]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2245.355885][T26424] RIP: 0033:0x7fbee4946da9
[ 2245.360139][T26424] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2245.379581][T26424] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2245.387830][T26424] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2245.395641][T26424] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2245.403446][T26424] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2245.411256][T26424] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
22:40:16 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x5000000}, 0x48)

22:40:16 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000005120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2245.419069][T26424] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2245.426884][T26424]  </TASK>
[ 2245.443200][T26424] ------------[ cut here ]------------
[ 2245.448901][T26424] refcount_t: underflow; use-after-free.
[ 2245.460011][T26424] WARNING: CPU: 1 PID: 26424 at lib/refcount.c:28 refcount_warn_saturate+0x158/0x1a0
22:40:16 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x43600)

22:40:16 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x6000000}, 0x48)

[ 2245.474079][T26424] Modules linked in:
[ 2245.478486][T26424] CPU: 1 PID: 26424 Comm: syz-executor.1 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 2245.488924][T26424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2245.502475][T26424] RIP: 0010:refcount_warn_saturate+0x158/0x1a0
22:40:16 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x7000000}, 0x48)

[ 2245.508863][T26424] Code: 04 01 48 c7 c7 40 c8 82 85 e8 e4 9e dc fe 0f 0b eb 8b e8 6b 49 0b ff c6 05 73 8e 9e 04 01 48 c7 c7 a0 c8 82 85 e8 c8 9e dc fe <0f> 0b e9 6c ff ff ff e8 4c 49 0b ff c6 05 55 8e 9e 04 01 48 c7 c7
[ 2245.528630][T26424] RSP: 0018:ffffc9000268f968 EFLAGS: 00010246
[ 2245.554401][T26424] RAX: c9d1249ab2ab6500 RBX: 0000000000000003 RCX: 0000000000040000
22:40:16 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x8000000}, 0x48)

22:40:16 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x9000000}, 0x48)

22:40:16 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xa000000}, 0x48)

22:40:16 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000007120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:16 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x43700)

22:40:16 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xb000000}, 0x48)

[ 2245.567496][T26424] RDX: ffffc90008221000 RSI: 0000000000019152 RDI: 0000000000019153
[ 2245.589035][T26424] RBP: ffffc9000268f978 R08: ffffffff81575f25 R09: ffffed103ee265e8
[ 2245.602503][T26424] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1102f6972f2
[ 2245.611021][T26424] R13: ffff88817b4b9790 R14: 0000000000000003 R15: ffff88815976d748
22:40:17 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000000000100000c120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:17 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xc000000}, 0x48)

22:40:17 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xd000000}, 0x48)

[ 2245.646214][T26424] FS:  00007fbee36c86c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 2245.658112][T26424] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2245.668555][T26424] CR2: 0000001b2fd21000 CR3: 000000010cde6000 CR4: 00000000003506b0
[ 2245.677248][T26424] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2245.686463][T26424] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
22:40:17 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x43800)

22:40:17 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000000000100000f120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2245.698914][T26424] Call Trace:
[ 2245.704002][T26424]  <TASK>
[ 2245.707544][T26424]  ? show_regs+0x58/0x60
[ 2245.712951][T26424]  ? __warn+0x160/0x2f0
[ 2245.717708][T26424]  ? refcount_warn_saturate+0x158/0x1a0
22:40:17 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x0, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:17 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xe000000}, 0x48)

22:40:17 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xf000000}, 0x48)

22:40:17 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000014120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2245.739301][T26424]  ? report_bug+0x3d9/0x5b0
[ 2245.744061][T26424]  ? refcount_warn_saturate+0x158/0x1a0
[ 2245.749623][T26424]  ? handle_bug+0x41/0x70
[ 2245.753912][T26424]  ? exc_invalid_op+0x1b/0x50
[ 2245.758701][T26424]  ? asm_exc_invalid_op+0x1b/0x20
22:40:17 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x43900)

22:40:17 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x10000000}, 0x48)

[ 2245.798159][T26424]  ? __wake_up_klogd+0xd5/0x110
22:40:17 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000015120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:17 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x11000000}, 0x48)

[ 2245.822147][T26424]  ? refcount_warn_saturate+0x158/0x1a0
[ 2245.847886][T26424]  ? refcount_warn_saturate+0x158/0x1a0
[ 2245.867130][T26424]  vm_area_free_no_check+0x123/0x130
22:40:17 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000016120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:17 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x12000000}, 0x48)

[ 2245.877382][T26424]  copy_mm+0xefb/0x13e0
[ 2245.886179][T26424]  ? copy_signal+0x610/0x610
[ 2245.892531][T26424]  ? __init_rwsem+0xd6/0x1c0
[ 2245.914438][T26424]  ? copy_signal+0x4e3/0x610
[ 2245.921467][T26424]  copy_process+0x1149/0x3290
[ 2245.927366][T26424]  ? timerqueue_add+0x250/0x270
[ 2245.932268][T26424]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2245.937598][T26424]  ? enqueue_hrtimer+0xca/0x240
[ 2245.946415][T26424]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2245.951753][T26424]  kernel_clone+0x21e/0x9e0
[ 2245.956591][T26424]  ? create_io_thread+0x1e0/0x1e0
[ 2245.961639][T26424]  ? clockevents_program_event+0x22f/0x300
[ 2245.968247][T26424]  __x64_sys_clone+0x23f/0x290
[ 2245.973248][T26424]  ? __do_sys_vfork+0x130/0x130
[ 2245.978062][T26424]  ? debug_smp_processor_id+0x17/0x20
[ 2245.983834][T26424]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2245.989783][T26424]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2245.995346][T26424]  do_syscall_64+0x3d/0xb0
[ 2245.999626][T26424]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2246.005575][T26424]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2246.011383][T26424] RIP: 0033:0x7fbee4946da9
[ 2246.015717][T26424] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2246.035408][T26424] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2246.043775][T26424] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2246.051555][T26424] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2246.059406][T26424] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2246.067185][T26424] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
22:40:17 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 66)

22:40:17 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x43a00)

22:40:17 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x13000000}, 0x48)

22:40:17 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000017120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:17 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x0, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:17 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x14000000}, 0x48)

[ 2246.075061][T26424] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2246.082951][T26424]  </TASK>
[ 2246.085851][T26424] ---[ end trace 07da0ed5f43b5ed9 ]---
22:40:17 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000218120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:17 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x15000000}, 0x48)

22:40:17 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x16000000}, 0x48)

22:40:17 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000318120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:17 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x43b00)

22:40:17 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000418120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2246.210157][T26498] FAULT_INJECTION: forcing a failure.
[ 2246.210157][T26498] name failslab, interval 1, probability 0, space 0, times 0
[ 2246.225430][T26498] CPU: 0 PID: 26498 Comm: syz-executor.1 Tainted: G        W         5.15.148-syzkaller-00718-g993bed180178 #0
[ 2246.236992][T26498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2246.246881][T26498] Call Trace:
[ 2246.249999][T26498]  <TASK>
[ 2246.252774][T26498]  dump_stack_lvl+0x151/0x1b7
[ 2246.257373][T26498]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2246.262841][T26498]  dump_stack+0x15/0x17
[ 2246.266833][T26498]  should_fail+0x3c6/0x510
[ 2246.271102][T26498]  __should_failslab+0xa4/0xe0
[ 2246.275695][T26498]  ? anon_vma_fork+0x1df/0x4e0
[ 2246.280290][T26498]  should_failslab+0x9/0x20
[ 2246.284625][T26498]  slab_pre_alloc_hook+0x37/0xd0
[ 2246.289402][T26498]  ? anon_vma_fork+0x1df/0x4e0
[ 2246.294000][T26498]  kmem_cache_alloc+0x44/0x200
[ 2246.298597][T26498]  anon_vma_fork+0x1df/0x4e0
[ 2246.303036][T26498]  copy_mm+0xa3a/0x13e0
[ 2246.307025][T26498]  ? copy_signal+0x610/0x610
[ 2246.311449][T26498]  ? __init_rwsem+0xd6/0x1c0
[ 2246.315871][T26498]  ? copy_signal+0x4e3/0x610
[ 2246.320312][T26498]  copy_process+0x1149/0x3290
[ 2246.324898][T26498]  ? _raw_spin_unlock+0x4d/0x70
[ 2246.329600][T26498]  ? perf_event_context_sched_in+0x4ea/0x5e0
[ 2246.335406][T26498]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2246.340349][T26498]  ? __perf_event_task_sched_in+0x219/0x2a0
[ 2246.346075][T26498]  kernel_clone+0x21e/0x9e0
[ 2246.350413][T26498]  ? perf_sched_cb_inc+0x260/0x260
[ 2246.355363][T26498]  ? create_io_thread+0x1e0/0x1e0
[ 2246.360222][T26498]  ? finish_task_switch+0x167/0x7b0
[ 2246.365258][T26498]  __x64_sys_clone+0x23f/0x290
[ 2246.369854][T26498]  ? __do_sys_vfork+0x130/0x130
[ 2246.374541][T26498]  ? switch_fpu_return+0x1ed/0x3d0
[ 2246.379489][T26498]  ? __kasan_check_read+0x11/0x20
[ 2246.384435][T26498]  ? exit_to_user_mode_prepare+0x7e/0xa0
[ 2246.389903][T26498]  do_syscall_64+0x3d/0xb0
[ 2246.394161][T26498]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2246.399798][T26498]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2246.405527][T26498] RIP: 0033:0x7fbee4946da9
[ 2246.409780][T26498] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2246.429224][T26498] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2246.437501][T26498] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2246.445277][T26498] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2246.453089][T26498] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
22:40:17 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x17000000}, 0x48)

22:40:17 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000518120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2246.460942][T26498] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2246.468892][T26498] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2246.476795][T26498]  </TASK>
22:40:17 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x18000000}, 0x48)

22:40:17 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 67)

[ 2246.544712][T12478] ==================================================================
[ 2246.552615][T12478] BUG: KASAN: use-after-free in __rb_insert_augmented+0xa0/0x610
[ 2246.560162][T12478] Read of size 8 at addr ffff8881c0000008 by task syz-executor.1/12478
[ 2246.568233][T12478] 
[ 2246.570404][T12478] CPU: 1 PID: 12478 Comm: syz-executor.1 Tainted: G        W         5.15.148-syzkaller-00718-g993bed180178 #0
[ 2246.581945][T12478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2246.591839][T12478] Call Trace:
[ 2246.594965][T12478]  <TASK>
[ 2246.597828][T12478]  dump_stack_lvl+0x151/0x1b7
[ 2246.602341][T12478]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2246.607808][T12478]  ? panic+0x751/0x751
[ 2246.611715][T12478]  print_address_description+0x87/0x3b0
[ 2246.617105][T12478]  kasan_report+0x179/0x1c0
[ 2246.621439][T12478]  ? __rb_insert_augmented+0xa0/0x610
[ 2246.626642][T12478]  ? __rb_insert_augmented+0xa0/0x610
[ 2246.631860][T12478]  __asan_report_load8_noabort+0x14/0x20
[ 2246.637325][T12478]  __rb_insert_augmented+0xa0/0x610
[ 2246.642355][T12478]  ? anon_vma_interval_tree_iter_next+0x390/0x390
[ 2246.648608][T12478]  vma_interval_tree_insert_after+0x2be/0x2d0
[ 2246.654523][T12478]  copy_mm+0xba2/0x13e0
[ 2246.658511][T12478]  ? copy_signal+0x610/0x610
[ 2246.662926][T12478]  ? __init_rwsem+0xd6/0x1c0
[ 2246.667362][T12478]  ? copy_signal+0x4e3/0x610
[ 2246.671775][T12478]  copy_process+0x1149/0x3290
[ 2246.676295][T12478]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2246.681237][T12478]  kernel_clone+0x21e/0x9e0
[ 2246.685577][T12478]  ? kernel_read+0x1f0/0x1f0
[ 2246.690003][T12478]  ? kmem_cache_free+0x116/0x2e0
[ 2246.694783][T12478]  ? create_io_thread+0x1e0/0x1e0
[ 2246.699897][T12478]  ? debug_smp_processor_id+0x17/0x20
[ 2246.705202][T12478]  __x64_sys_clone+0x23f/0x290
[ 2246.709789][T12478]  ? __do_sys_vfork+0x130/0x130
[ 2246.714478][T12478]  do_syscall_64+0x3d/0xb0
[ 2246.718730][T12478]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2246.724456][T12478] RIP: 0033:0x7fbee4943dd3
[ 2246.728798][T12478] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[ 2246.748248][T12478] RSP: 002b:00007ffd0feec378 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2246.756496][T12478] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbee4943dd3
[ 2246.764292][T12478] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 2246.772113][T12478] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2246.780008][T12478] R10: 0000555556f58750 R11: 0000000000000246 R12: 0000000000000001
[ 2246.787819][T12478] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 2246.795632][T12478]  </TASK>
[ 2246.798515][T12478] 
[ 2246.800674][T12478] The buggy address belongs to the page:
[ 2246.806131][T12478] page:ffffea0007000000 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x1c0000
[ 2246.816459][T12478] flags: 0x4000000000000000(zone=1)
[ 2246.821590][T12478] raw: 4000000000000000 ffffea0006fc0008 ffffea0007030008 0000000000000000
[ 2246.830012][T12478] raw: 0000000000000000 000000000000000a 00000000ffffff7f 0000000000000000
[ 2246.838420][T12478] page dumped because: kasan: bad access detected
[ 2246.844673][T12478] page_owner tracks the page as freed
[ 2246.849870][T12478] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x506dc0(GFP_USER|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_ZERO|__GFP_ACCOUNT), pid 12404, ts 2026661785101, free_ts 2030424442310
[ 2246.868793][T12478]  post_alloc_hook+0x1a3/0x1b0
[ 2246.873392][T12478]  prep_new_page+0x1b/0x110
[ 2246.877732][T12478]  get_page_from_freelist+0x3550/0x35d0
[ 2246.883113][T12478]  __alloc_pages+0x27e/0x8f0
[ 2246.887540][T12478]  bpf_ringbuf_alloc+0xd0/0x3d0
[ 2246.892231][T12478]  ringbuf_map_alloc+0x202/0x320
[ 2246.897009][T12478]  map_create+0x411/0x2050
[ 2246.901252][T12478]  __sys_bpf+0x296/0x760
[ 2246.905354][T12478]  __x64_sys_bpf+0x7c/0x90
[ 2246.909584][T12478]  do_syscall_64+0x3d/0xb0
[ 2246.913836][T12478]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2246.919568][T12478] page last free stack trace:
[ 2246.924078][T12478]  free_unref_page_prepare+0x7c8/0x7d0
[ 2246.929376][T12478]  free_unref_page+0xe8/0x750
[ 2246.933890][T12478]  __free_pages+0x61/0xf0
[ 2246.938050][T12478]  ringbuf_map_free+0xbe/0x120
[ 2246.942653][T12478]  bpf_map_free_deferred+0x10d/0x1e0
[ 2246.947772][T12478]  process_one_work+0x6bb/0xc10
[ 2246.952459][T12478]  worker_thread+0xad5/0x12a0
[ 2246.956972][T12478]  kthread+0x421/0x510
[ 2246.960879][T12478]  ret_from_fork+0x1f/0x30
[ 2246.965135][T12478] 
[ 2246.967302][T12478] Memory state around the buggy address:
[ 2246.972772][T12478]  ffff8881bfffff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2246.980675][T12478]  ffff8881bfffff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2246.988666][T12478] >ffff8881c0000000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
22:40:18 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000618120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:18 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x19000000}, 0x48)

22:40:18 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x43c00)

22:40:18 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000718120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:18 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1a000000}, 0x48)

[ 2246.996553][T12478]                       ^
[ 2247.000720][T12478]  ffff8881c0000080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2247.008627][T12478]  ffff8881c0000100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2247.016518][T12478] ==================================================================
[ 2247.024412][T12478] Disabling lock debugging due to kernel taint
[ 2247.070827][T26522] FAULT_INJECTION: forcing a failure.
[ 2247.070827][T26522] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2247.091564][T26522] CPU: 1 PID: 26522 Comm: syz-executor.1 Tainted: G    B   W         5.15.148-syzkaller-00718-g993bed180178 #0
[ 2247.103138][T26522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2247.113024][T26522] Call Trace:
[ 2247.116151][T26522]  <TASK>
[ 2247.118922][T26522]  dump_stack_lvl+0x151/0x1b7
[ 2247.123439][T26522]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2247.128900][T26522]  ? __wake_up_klogd+0xd5/0x110
[ 2247.133603][T26522]  dump_stack+0x15/0x17
[ 2247.137582][T26522]  should_fail+0x3c6/0x510
[ 2247.141839][T26522]  should_fail_alloc_page+0x5a/0x80
[ 2247.146869][T26522]  prepare_alloc_pages+0x15c/0x700
[ 2247.151817][T26522]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2247.156846][T26522]  ? sched_clock+0x9/0x10
[ 2247.161029][T26522]  __alloc_pages+0x18c/0x8f0
[ 2247.165440][T26522]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2247.171083][T26522]  ? prep_new_page+0x110/0x110
[ 2247.175684][T26522]  ? 0xffffffffa0030000
[ 2247.179674][T26522]  ? is_bpf_text_address+0x172/0x190
[ 2247.184796][T26522]  pte_alloc_one+0x73/0x1b0
[ 2247.189136][T26522]  ? pfn_modify_allowed+0x2f0/0x2f0
[ 2247.194170][T26522]  __pte_alloc+0x86/0x350
[ 2247.198332][T26522]  ? irqentry_exit+0x30/0x40
[ 2247.202764][T26522]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2247.208402][T26522]  ? free_pgtables+0x280/0x280
[ 2247.213002][T26522]  ? copy_page_range+0x27d0/0x2f90
[ 2247.218056][T26522]  copy_page_range+0x28a8/0x2f90
[ 2247.222826][T26522]  ? __kasan_slab_alloc+0xb1/0xe0
[ 2247.227680][T26522]  ? pfn_valid+0x1e0/0x1e0
[ 2247.231924][T26522]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[ 2247.237479][T26522]  ? __rb_insert_augmented+0x5de/0x610
[ 2247.242786][T26522]  copy_mm+0xc7e/0x13e0
[ 2247.246777][T26522]  ? copy_signal+0x610/0x610
[ 2247.251222][T26522]  ? __init_rwsem+0xd6/0x1c0
[ 2247.255617][T26522]  ? copy_signal+0x4e3/0x610
[ 2247.260042][T26522]  copy_process+0x1149/0x3290
[ 2247.264645][T26522]  ? proc_fail_nth_write+0x20b/0x290
[ 2247.269762][T26522]  ? fsnotify_perm+0x6a/0x5d0
[ 2247.274379][T26522]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2247.279321][T26522]  ? vfs_write+0x9ec/0x1110
[ 2247.283686][T26522]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2247.288862][T26522]  kernel_clone+0x21e/0x9e0
[ 2247.293266][T26522]  ? irqentry_exit+0x30/0x40
[ 2247.297622][T26522]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2247.303265][T26522]  ? create_io_thread+0x1e0/0x1e0
[ 2247.308135][T26522]  __x64_sys_clone+0x23f/0x290
[ 2247.312728][T26522]  ? __do_sys_vfork+0x130/0x130
[ 2247.317413][T26522]  ? ksys_write+0x260/0x2c0
[ 2247.321753][T26522]  ? debug_smp_processor_id+0x17/0x20
[ 2247.326971][T26522]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2247.332871][T26522]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2247.338481][T26522]  do_syscall_64+0x3d/0xb0
[ 2247.342836][T26522]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2247.348557][T26522]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2247.354279][T26522] RIP: 0033:0x7fbee4946da9
[ 2247.358532][T26522] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2247.377974][T26522] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2247.386223][T26522] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2247.394031][T26522] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2247.401841][T26522] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2247.409653][T26522] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
22:40:18 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1b000000}, 0x48)

22:40:18 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000818120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:18 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1c000000}, 0x48)

22:40:18 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x43d00)

[ 2247.417473][T26522] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2247.425298][T26522]  </TASK>
22:40:18 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 68)

22:40:18 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000918120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:18 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1d000000}, 0x48)

22:40:18 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000a18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:18 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1e000000}, 0x48)

22:40:18 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1f000000}, 0x48)

22:40:18 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000c18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:18 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x43e00)

22:40:18 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x20000000}, 0x48)

22:40:18 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000e18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:18 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x21000000}, 0x48)

[ 2247.556967][T26548] FAULT_INJECTION: forcing a failure.
[ 2247.556967][T26548] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2247.581738][T26548] CPU: 0 PID: 26548 Comm: syz-executor.1 Tainted: G    B   W         5.15.148-syzkaller-00718-g993bed180178 #0
[ 2247.593300][T26548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2247.603281][T26548] Call Trace:
[ 2247.606402][T26548]  <TASK>
[ 2247.609308][T26548]  dump_stack_lvl+0x151/0x1b7
[ 2247.613815][T26548]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2247.619294][T26548]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2247.625036][T26548]  dump_stack+0x15/0x17
[ 2247.629028][T26548]  should_fail+0x3c6/0x510
[ 2247.633279][T26548]  should_fail_alloc_page+0x5a/0x80
[ 2247.638322][T26548]  prepare_alloc_pages+0x15c/0x700
[ 2247.643263][T26548]  ? __alloc_pages_bulk+0xe40/0xe40
[ 2247.648386][T26548]  __alloc_pages+0x18c/0x8f0
[ 2247.652805][T26548]  ? prep_new_page+0x110/0x110
[ 2247.657407][T26548]  ? __schedule+0xcd4/0x1590
[ 2247.661833][T26548]  ? irqentry_exit+0x30/0x40
[ 2247.666260][T26548]  pte_alloc_one+0x73/0x1b0
[ 2247.670600][T26548]  ? pfn_modify_allowed+0x2f0/0x2f0
[ 2247.675634][T26548]  __pte_alloc+0x86/0x350
[ 2247.679798][T26548]  ? irqentry_exit+0x30/0x40
[ 2247.684224][T26548]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2247.689882][T26548]  ? free_pgtables+0x280/0x280
[ 2247.694471][T26548]  ? __kasan_check_write+0x14/0x20
[ 2247.699418][T26548]  copy_page_range+0x28a8/0x2f90
[ 2247.704194][T26548]  ? pfn_valid+0x1e0/0x1e0
[ 2247.708441][T26548]  ? __vma_link_rb+0x4c5/0x550
[ 2247.713069][T26548]  ? trace_raw_output_vm_unmapped_area+0x220/0x220
[ 2247.719385][T26548]  ? __rb_insert_augmented+0xa6/0x610
[ 2247.724585][T26548]  copy_mm+0xc7e/0x13e0
[ 2247.728581][T26548]  ? copy_signal+0x610/0x610
[ 2247.733004][T26548]  ? __init_rwsem+0xd6/0x1c0
[ 2247.737434][T26548]  ? copy_signal+0x4e3/0x610
[ 2247.741854][T26548]  copy_process+0x1149/0x3290
[ 2247.746388][T26548]  ? irqentry_exit_cond_resched+0x2a/0x30
[ 2247.751931][T26548]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2247.756873][T26548]  kernel_clone+0x21e/0x9e0
[ 2247.761210][T26548]  ? irqentry_exit+0x30/0x40
[ 2247.765646][T26548]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2247.771292][T26548]  ? create_io_thread+0x1e0/0x1e0
[ 2247.776144][T26548]  __x64_sys_clone+0x23f/0x290
[ 2247.780751][T26548]  ? __do_sys_vfork+0x130/0x130
[ 2247.785430][T26548]  ? syscall_enter_from_user_mode+0x19/0x1b0
[ 2247.791241][T26548]  do_syscall_64+0x3d/0xb0
[ 2247.795498][T26548]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2247.801135][T26548]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2247.806863][T26548] RIP: 0033:0x7fbee4946da9
[ 2247.811116][T26548] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2247.830560][T26548] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2247.838977][T26548] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2247.846786][T26548] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2247.854598][T26548] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2247.862422][T26548] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2247.870254][T26548] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2247.878126][T26548]  </TASK>
22:40:19 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000f18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:19 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x22000000}, 0x48)

22:40:19 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x43f00)

22:40:19 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x0, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:19 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 69)

22:40:19 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001001018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:19 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x23000000}, 0x48)

22:40:19 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001001818120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:19 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x54ac02a0}, 0x48)

22:40:19 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x44000)

[ 2248.394488][T26575] FAULT_INJECTION: forcing a failure.
[ 2248.394488][T26575] name failslab, interval 1, probability 0, space 0, times 0
[ 2248.410039][T26575] CPU: 0 PID: 26575 Comm: syz-executor.1 Tainted: G    B   W         5.15.148-syzkaller-00718-g993bed180178 #0
[ 2248.421598][T26575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2248.431487][T26575] Call Trace:
[ 2248.434612][T26575]  <TASK>
[ 2248.437388][T26575]  dump_stack_lvl+0x151/0x1b7
[ 2248.441902][T26575]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2248.447371][T26575]  ? _printk+0x106/0x111
[ 2248.451444][T26575]  dump_stack+0x15/0x17
[ 2248.455439][T26575]  should_fail+0x3c6/0x510
[ 2248.459692][T26575]  __should_failslab+0xa4/0xe0
[ 2248.464290][T26575]  ? vm_area_dup+0x26/0x230
[ 2248.468629][T26575]  should_failslab+0x9/0x20
[ 2248.472970][T26575]  slab_pre_alloc_hook+0x37/0xd0
[ 2248.477916][T26575]  ? vm_area_dup+0x26/0x230
[ 2248.482254][T26575]  kmem_cache_alloc+0x44/0x200
[ 2248.486857][T26575]  vm_area_dup+0x26/0x230
[ 2248.491023][T26575]  copy_mm+0x9a1/0x13e0
[ 2248.495022][T26575]  ? copy_signal+0x610/0x610
[ 2248.499442][T26575]  ? __init_rwsem+0xd6/0x1c0
[ 2248.503868][T26575]  ? copy_signal+0x4e3/0x610
[ 2248.508294][T26575]  copy_process+0x1149/0x3290
[ 2248.512815][T26575]  ? timerqueue_add+0x250/0x270
[ 2248.517593][T26575]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2248.522539][T26575]  ? enqueue_hrtimer+0xca/0x240
[ 2248.527226][T26575]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2248.532436][T26575]  kernel_clone+0x21e/0x9e0
[ 2248.536776][T26575]  ? irqentry_exit+0x30/0x40
[ 2248.541202][T26575]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2248.546840][T26575]  ? create_io_thread+0x1e0/0x1e0
[ 2248.551704][T26575]  __x64_sys_clone+0x23f/0x290
[ 2248.556305][T26575]  ? __do_sys_vfork+0x130/0x130
[ 2248.560992][T26575]  ? debug_smp_processor_id+0x17/0x20
[ 2248.566198][T26575]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2248.572099][T26575]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2248.577576][T26575]  do_syscall_64+0x3d/0xb0
[ 2248.581819][T26575]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2248.587469][T26575]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2248.593188][T26575] RIP: 0033:0x7fbee4946da9
[ 2248.597444][T26575] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2248.616883][T26575] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2248.625132][T26575] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2248.632940][T26575] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xa002ac54}, 0x48)

[ 2248.640750][T26575] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2248.648562][T26575] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2248.656374][T26575] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2248.664188][T26575]  </TASK>
22:40:20 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x44100)

22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xa0030000}, 0x48)

22:40:20 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 70)

22:40:20 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001003c18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x3a0ffffffff}, 0x48)

22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x100000000000000}, 0x48)

22:40:20 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x200000000000000}, 0x48)

22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x300000000000000}, 0x48)

22:40:20 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x46115)

[ 2248.820269][T26597] FAULT_INJECTION: forcing a failure.
[ 2248.820269][T26597] name failslab, interval 1, probability 0, space 0, times 0
[ 2248.847417][T26597] CPU: 1 PID: 26597 Comm: syz-executor.1 Tainted: G    B   W         5.15.148-syzkaller-00718-g993bed180178 #0
[ 2248.858979][T26597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2248.868875][T26597] Call Trace:
[ 2248.871999][T26597]  <TASK>
[ 2248.874773][T26597]  dump_stack_lvl+0x151/0x1b7
[ 2248.879295][T26597]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2248.884765][T26597]  dump_stack+0x15/0x17
[ 2248.888750][T26597]  should_fail+0x3c6/0x510
[ 2248.893011][T26597]  __should_failslab+0xa4/0xe0
[ 2248.897601][T26597]  ? anon_vma_clone+0x9a/0x500
[ 2248.902202][T26597]  should_failslab+0x9/0x20
[ 2248.906540][T26597]  slab_pre_alloc_hook+0x37/0xd0
[ 2248.911311][T26597]  ? anon_vma_clone+0x9a/0x500
[ 2248.915911][T26597]  kmem_cache_alloc+0x44/0x200
[ 2248.920509][T26597]  anon_vma_clone+0x9a/0x500
[ 2248.924938][T26597]  anon_vma_fork+0x91/0x4e0
[ 2248.929273][T26597]  ? anon_vma_name+0x43/0x70
[ 2248.933699][T26597]  ? vm_area_dup+0x17a/0x230
[ 2248.938128][T26597]  copy_mm+0xa3a/0x13e0
[ 2248.942122][T26597]  ? copy_signal+0x610/0x610
[ 2248.946545][T26597]  ? __init_rwsem+0xd6/0x1c0
[ 2248.950987][T26597]  ? copy_signal+0x4e3/0x610
[ 2248.955406][T26597]  copy_process+0x1149/0x3290
[ 2248.959913][T26597]  ? timerqueue_add+0x250/0x270
[ 2248.964686][T26597]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2248.969634][T26597]  ? enqueue_hrtimer+0xca/0x240
[ 2248.974320][T26597]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2248.979526][T26597]  kernel_clone+0x21e/0x9e0
[ 2248.983868][T26597]  ? create_io_thread+0x1e0/0x1e0
[ 2248.988729][T26597]  ? clockevents_program_event+0x22f/0x300
[ 2248.994372][T26597]  __x64_sys_clone+0x23f/0x290
[ 2248.998970][T26597]  ? __do_sys_vfork+0x130/0x130
[ 2249.003656][T26597]  ? syscall_enter_from_user_mode+0x19/0x1b0
[ 2249.009470][T26597]  do_syscall_64+0x3d/0xb0
[ 2249.013725][T26597]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2249.019374][T26597]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2249.025095][T26597] RIP: 0033:0x7fbee4946da9
[ 2249.029462][T26597] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2249.048873][T26597] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2249.057246][T26597] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x400000000000000}, 0x48)

22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x500000000000000}, 0x48)

22:40:20 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001004b18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:20 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x49000)

[ 2249.065044][T26597] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2249.072856][T26597] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2249.080673][T26597] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2249.088478][T26597] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2249.096294][T26597]  </TASK>
22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x600000000000000}, 0x48)

22:40:20 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001006018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x700000000000000}, 0x48)

22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x800000000000000}, 0x48)

22:40:20 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001006118120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:20 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001006218120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x900000000000000}, 0x48)

22:40:20 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x4fe01)

22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xa00000000000000}, 0x48)

22:40:20 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:20 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001006318120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xb00000000000000}, 0x48)

22:40:20 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x248800)

22:40:20 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001006918120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xc00000000000000}, 0x48)

22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xd00000000000000}, 0x48)

22:40:20 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001006a18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xe00000000000000}, 0x48)

22:40:20 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001006b18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:20 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001007018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:20 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 71)

22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xf00000000000000}, 0x48)

22:40:20 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001007118120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1000000000000000}, 0x48)

22:40:20 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001007218120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:20 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x20040181)

22:40:20 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x6, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @cb_func={0x18, 0x7}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:20 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1100000000000000}, 0x48)

[ 2249.618356][T26670] FAULT_INJECTION: forcing a failure.
[ 2249.618356][T26670] name failslab, interval 1, probability 0, space 0, times 0
[ 2249.653344][T26670] CPU: 0 PID: 26670 Comm: syz-executor.1 Tainted: G    B   W         5.15.148-syzkaller-00718-g993bed180178 #0
22:40:20 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001007318120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:21 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1200000000000000}, 0x48)

22:40:21 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1300000000000000}, 0x48)

[ 2249.664907][T26670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2249.674806][T26670] Call Trace:
[ 2249.677953][T26670]  <TASK>
[ 2249.680701][T26670]  dump_stack_lvl+0x151/0x1b7
[ 2249.685229][T26670]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2249.690684][T26670]  dump_stack+0x15/0x17
[ 2249.694677][T26670]  should_fail+0x3c6/0x510
[ 2249.698928][T26670]  __should_failslab+0xa4/0xe0
[ 2249.703525][T26670]  ? anon_vma_clone+0x9a/0x500
[ 2249.708142][T26670]  should_failslab+0x9/0x20
[ 2249.712464][T26670]  slab_pre_alloc_hook+0x37/0xd0
22:40:21 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2249.717241][T26670]  ? anon_vma_clone+0x9a/0x500
[ 2249.721840][T26670]  kmem_cache_alloc+0x44/0x200
[ 2249.726444][T26670]  anon_vma_clone+0x9a/0x500
[ 2249.730867][T26670]  anon_vma_fork+0x91/0x4e0
[ 2249.735204][T26670]  ? anon_vma_name+0x43/0x70
[ 2249.739631][T26670]  ? vm_area_dup+0x17a/0x230
[ 2249.744056][T26670]  copy_mm+0xa3a/0x13e0
[ 2249.748048][T26670]  ? irqentry_exit+0x30/0x40
[ 2249.752503][T26670]  ? copy_signal+0x610/0x610
[ 2249.756901][T26670]  ? __init_rwsem+0xd6/0x1c0
[ 2249.761331][T26670]  ? copy_signal+0x4e3/0x610
[ 2249.765759][T26670]  copy_process+0x1149/0x3290
[ 2249.770273][T26670]  ? timerqueue_add+0x250/0x270
[ 2249.774957][T26670]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2249.779904][T26670]  ? enqueue_hrtimer+0xca/0x240
[ 2249.784588][T26670]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2249.789797][T26670]  kernel_clone+0x21e/0x9e0
[ 2249.794138][T26670]  ? create_io_thread+0x1e0/0x1e0
[ 2249.798993][T26670]  ? clockevents_program_event+0x22f/0x300
[ 2249.804738][T26670]  __x64_sys_clone+0x23f/0x290
[ 2249.809340][T26670]  ? __do_sys_vfork+0x130/0x130
[ 2249.814021][T26670]  ? debug_smp_processor_id+0x17/0x20
[ 2249.819321][T26670]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2249.825313][T26670]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2249.830782][T26670]  do_syscall_64+0x3d/0xb0
[ 2249.835037][T26670]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2249.840684][T26670]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2249.846403][T26670] RIP: 0033:0x7fbee4946da9
[ 2249.850658][T26670] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2249.870103][T26670] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2249.878341][T26670] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2249.886154][T26670] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2249.893965][T26670] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2249.901775][T26670] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2249.909587][T26670] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
22:40:21 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1400000000000000}, 0x48)

22:40:21 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1500000000000000}, 0x48)

22:40:21 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001007918120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

[ 2249.917404][T26670]  </TASK>
22:40:21 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1600000000000000}, 0x48)

22:40:21 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001007a18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:21 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1700000000000000}, 0x48)

22:40:21 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001007b18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:21 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1800000000000000}, 0x48)

22:40:21 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001008318120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:21 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1900000000000000}, 0x48)

22:40:21 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000000000100001c120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:21 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

22:40:21 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1a00000000000000}, 0x48)

22:40:21 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000000000100001d120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:21 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000000000100001e120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:21 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1b00000000000000}, 0x48)

22:40:21 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1c00000000000000}, 0x48)

22:40:21 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="180900000000000000000000000100001f120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:21 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1d00000000000000}, 0x48)

22:40:21 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1e00000000000000}, 0x48)

22:40:21 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000300)="52fd288bb02312f731", 0x9}], 0x1}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0x2, &(0x7f0000000440)=@raw=[@map_fd={0x18, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0x3, 0x0, 0x0, 0xc2e00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x800003, 0x5}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x3, 0x1000}, 0x10, r4, r3, 0x0, &(0x7f0000000540)=[r5]}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x11, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, @map_idx={0x18, 0xa}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1}, 0x90)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f00000014c0))
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000001600)={&(0x7f0000001500)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001540)="ddeef6e28ea4eda617ef11316f955df568a1ea1d567709f75e9c197770b018e57a16a85ec20b831b2baa0f841dcb5e5ede3915182a43bcf9f64e61c5980e272829816ac1611c", 0x46}], 0x1}, 0x44814)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 72)

22:40:21 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000020120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:21 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x1f00000000000000}, 0x48)

22:40:21 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000021120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:21 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x2000000000000000}, 0x48)

[ 2250.465062][T26739] FAULT_INJECTION: forcing a failure.
[ 2250.465062][T26739] name failslab, interval 1, probability 0, space 0, times 0
[ 2250.492460][T26739] CPU: 0 PID: 26739 Comm: syz-executor.1 Tainted: G    B   W         5.15.148-syzkaller-00718-g993bed180178 #0
[ 2250.504017][T26739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 2250.513914][T26739] Call Trace:
[ 2250.517034][T26739]  <TASK>
[ 2250.519809][T26739]  dump_stack_lvl+0x151/0x1b7
[ 2250.524326][T26739]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 2250.529794][T26739]  dump_stack+0x15/0x17
[ 2250.533873][T26739]  should_fail+0x3c6/0x510
[ 2250.538125][T26739]  __should_failslab+0xa4/0xe0
[ 2250.542725][T26739]  ? anon_vma_fork+0xf7/0x4e0
[ 2250.547259][T26739]  should_failslab+0x9/0x20
[ 2250.551581][T26739]  slab_pre_alloc_hook+0x37/0xd0
[ 2250.556362][T26739]  ? anon_vma_fork+0xf7/0x4e0
[ 2250.560862][T26739]  kmem_cache_alloc+0x44/0x200
[ 2250.565465][T26739]  anon_vma_fork+0xf7/0x4e0
[ 2250.569803][T26739]  ? anon_vma_name+0x43/0x70
[ 2250.574230][T26739]  ? vm_area_dup+0x17a/0x230
[ 2250.578657][T26739]  copy_mm+0xa3a/0x13e0
[ 2250.582651][T26739]  ? copy_signal+0x610/0x610
[ 2250.587077][T26739]  ? __init_rwsem+0xd6/0x1c0
[ 2250.591500][T26739]  ? copy_signal+0x4e3/0x610
[ 2250.595932][T26739]  copy_process+0x1149/0x3290
[ 2250.600445][T26739]  ? timerqueue_add+0x250/0x270
[ 2250.605131][T26739]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[ 2250.610076][T26739]  ? enqueue_hrtimer+0xca/0x240
22:40:22 executing program 0:
bpf$ITER_CREATE(0xb, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r0, &(0x7f0000000000), 0x248800)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0xfffffdef)

22:40:22 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000024120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:22 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x2100000000000000}, 0x48)

22:40:22 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x80)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x1, &(0x7f0000001340)=ANY=[], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002bc0)={&(0x7f0000002800)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000340)="796dd263c607278df66dfd376f1358bf74ab73f674b1113b56a8180eefb6c4e27b358b6f5f5ceabd8ddb24ff5194b428e8fb041e972f25dc08f66963de8d63f8c4118e97b808bf703189348afab3f7a04351cf35d91900722b53e559cbc25bc049cffff25d49fdd910762ac4e760944a0b4198d4ba348cf958b38db78c52f73519fd313440", 0x85}], 0x3, &(0x7f0000000440)}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002dc0)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], <r4=>0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x40, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80000}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002ec0)={0x0, 0x4, &(0x7f0000000240)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], &(0x7f0000001480)='GPL\x00', 0xfffffffa, 0xcb, &(0x7f0000002cc0)=""/203, 0x41100, 0x0, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000002e00)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000002e40)={0x2, 0xf, 0x3f}, 0x10, r4, r1, 0x0, &(0x7f0000002e80)=[r0]}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.empty_time\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000017c0)=@bloom_filter={0x1e, 0x81, 0x80000001, 0x1, 0x214, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x48)
syz_clone(0x75848400, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2250.614771][T26739]  ? __hrtimer_run_queues+0x46b/0xad0
[ 2250.619975][T26739]  kernel_clone+0x21e/0x9e0
[ 2250.624308][T26739]  ? irqentry_exit+0x30/0x40
[ 2250.628731][T26739]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2250.634376][T26739]  ? create_io_thread+0x1e0/0x1e0
[ 2250.639236][T26739]  __x64_sys_clone+0x23f/0x290
[ 2250.643836][T26739]  ? __do_sys_vfork+0x130/0x130
[ 2250.648529][T26739]  ? debug_smp_processor_id+0x17/0x20
[ 2250.653741][T26739]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2250.659639][T26739]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2250.665106][T26739]  do_syscall_64+0x3d/0xb0
[ 2250.669360][T26739]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 2250.675002][T26739]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 2250.680882][T26739] RIP: 0033:0x7fbee4946da9
[ 2250.685114][T26739] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2250.704556][T26739] RSP: 002b:00007fbee36c8078 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
22:40:22 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x2200000000000000}, 0x48)

22:40:22 executing program 3:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000001000025120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22:40:22 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x2300000000000000}, 0x48)

[ 2250.712821][T26739] RAX: ffffffffffffffda RBX: 00007fbee4a74f80 RCX: 00007fbee4946da9
[ 2250.720619][T26739] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000075848400
[ 2250.728431][T26739] RBP: 00007fbee36c8120 R08: 0000000000000000 R09: 0000000000000000
[ 2250.736236][T26739] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 2250.744046][T26739] R13: 000000000000000b R14: 00007fbee4a74f80 R15: 00007ffd0feec168
[ 2250.751864][T26739]  </TASK>
22:40:22 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000001300)=ANY=[@ANYBLOB="1a010180c5650000000000004b64ff8500000005b056f4d67561d2d30f88"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000008c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="9feb0120ff0000000000ffec0c0000000c00000006000000050000009e3836ec62c7ed8a57a8ae74865679f83f76eae85d20e083cb98fba3a2ca2fc899a10ca8a894457d78a5a9d84fd2c1b5bc5303a598b43fe6e9331d3d0423f3e17e3501b2a520391c9afdcde9b905ba9178003623e9a667c3306614af2823577fef91d725ca4b92c5bd3cc6e01c185a8bba6c5fde8097dfcee221"], &(0x7f0000000800)=""/190, 0x2a, 0xbe, 0x1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x10}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$in