0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0), 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:23 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:23 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:23 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:23 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:23 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:23 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:23 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:23 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:23 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(0x0, 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:23 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:23 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:24 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:24 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:24 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(0x0, 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:24 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:24 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:24 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:24 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(0x0, 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:24 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:24 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:24 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:24 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:25 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:25 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:25 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:25 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:25 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:25 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:25 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:25 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:26 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:26 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:26 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:26 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:26 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:26 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:26 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:26 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:26 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:26 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:26 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0), 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:26 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:27 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:27 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:27 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:27 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:27 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:27 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:27 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:27 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 12:40:28 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:28 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) stat(&(0x7f0000000ac0)='\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:28 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:28 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:28 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 12:40:29 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:29 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:29 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:29 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 12:40:29 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0), 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:29 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:30 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:30 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:30 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:30 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:30 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:30 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:30 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:30 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:30 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:31 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:31 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:31 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:31 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:31 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:31 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:32 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:32 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:32 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:32 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:32 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:32 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:32 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:32 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:33 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:33 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:33 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:33 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:33 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:34 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:34 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:34 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:34 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:34 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:34 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:34 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:34 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:34 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:34 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:34 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:34 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:34 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:34 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:34 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:35 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:35 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:35 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 12:40:35 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:35 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:35 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 12:40:35 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:35 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 12:40:35 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:35 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:35 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:35 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:35 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:36 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:36 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:36 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:36 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:36 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:36 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:37 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:37 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:37 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:37 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:37 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:37 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) stat(&(0x7f0000000ac0)='\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:37 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:37 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:38 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:38 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:38 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:38 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:38 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:38 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) stat(&(0x7f0000000ac0)='\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, 0xffffffffffffffff, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:38 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 12:40:39 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:39 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 12:40:39 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:39 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:39 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 12:40:40 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) stat(&(0x7f0000000ac0)='\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, 0xffffffffffffffff, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:40 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:40 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:40 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:40 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:40 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:41 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 12:40:42 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:42 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) stat(&(0x7f0000000ac0)='\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, 0xffffffffffffffff, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:42 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:42 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:42 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:42 executing program 1: sched_setscheduler(0x0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:42 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) stat(&(0x7f0000000ac0)='\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, 0xffffffffffffffff, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:42 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:42 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:42 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:42 executing program 1: sched_setscheduler(0x0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:43 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:43 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:43 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:43 executing program 1: sched_setscheduler(0x0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:43 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:43 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:43 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:43 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:44 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:44 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:44 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:44 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:44 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:45 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:45 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:45 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:45 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:45 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:45 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:46 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:46 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:46 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:46 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:46 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:46 executing program 3: getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:47 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:47 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:47 executing program 1: sched_setscheduler(0x0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:47 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:47 executing program 3: getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:47 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:47 executing program 3: getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:47 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:48 executing program 1: sched_setscheduler(0x0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:48 executing program 3: sched_setscheduler(0x0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:48 executing program 2: sched_setscheduler(0x0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:48 executing program 1: sched_setscheduler(0x0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:49 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:49 executing program 3: sched_setscheduler(0x0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:49 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:49 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:49 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:49 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:49 executing program 3: sched_setscheduler(0x0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:49 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:50 executing program 3: getpid() sched_setscheduler(0x0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:50 executing program 3: getpid() sched_setscheduler(0x0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:50 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:50 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:50 executing program 3: getpid() sched_setscheduler(0x0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:40:50 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:51 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:51 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2801.178153] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2801.270195] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 2801.290578] CPU: 0 PID: 29902 Comm: syz-executor.3 Not tainted 4.14.169-syzkaller #0 [ 2801.298683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2801.308060] Call Trace: [ 2801.310663] dump_stack+0x142/0x197 [ 2801.314306] warn_alloc.cold+0x96/0x1af [ 2801.318293] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2801.319967] syz-executor.5: [ 2801.323145] ? check_preemption_disabled+0x3c/0x250 [ 2801.323169] __alloc_pages_slowpath+0x23c6/0x2930 [ 2801.323196] ? warn_alloc+0xf0/0xf0 [ 2801.323222] ? __might_sleep+0x93/0xb0 [ 2801.323234] __alloc_pages_nodemask+0x62c/0x7a0 [ 2801.323250] ? rcu_read_lock_sched_held+0x110/0x130 [ 2801.329843] page allocation failure: order:0 [ 2801.331332] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2801.331353] alloc_pages_current+0xec/0x1e0 12:40:51 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2801.331370] kvm_mmu_create+0xdf/0x1e0 [ 2801.331385] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2801.331400] kvm_vcpu_init+0x272/0x360 [ 2801.331412] vmx_create_vcpu+0xfc/0x2aa0 [ 2801.331426] ? mutex_trylock+0x1c0/0x1c0 [ 2801.342521] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 2801.343799] ? handle_rdmsr+0x6e0/0x6e0 [ 2801.343814] ? wait_for_completion+0x420/0x420 [ 2801.343831] kvm_arch_vcpu_create+0x8c/0xc0 [ 2801.343851] kvm_vm_ioctl+0x501/0x1600 [ 2801.351483] (null) [ 2801.353724] ? __lock_acquire+0x5f7/0x4620 [ 2801.353745] ? kvm_vcpu_release+0xa0/0xa0 [ 2801.353756] ? trace_hardirqs_on+0x10/0x10 [ 2801.353766] ? retint_kernel+0x2d/0x2d [ 2801.353777] ? trace_hardirqs_on_caller+0x400/0x590 [ 2801.353788] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2801.353800] ? check_preemption_disabled+0x3c/0x250 [ 2801.353808] ? retint_kernel+0x2d/0x2d [ 2801.353826] ? do_vfs_ioctl+0xd29/0x1060 [ 2801.353837] ? kvm_vcpu_release+0xa0/0xa0 [ 2801.353848] do_vfs_ioctl+0x7ae/0x1060 [ 2801.353867] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2801.353876] ? lock_downgrade+0x740/0x740 [ 2801.353888] ? ioctl_preallocate+0x1c0/0x1c0 [ 2801.353902] ? __fget+0x237/0x370 [ 2801.363175] syz-executor.5 cpuset= [ 2801.363380] ? security_file_ioctl+0x89/0xb0 [ 2801.363404] SyS_ioctl+0x8f/0xc0 [ 2801.363421] ? do_vfs_ioctl+0x1060/0x1060 [ 2801.374061] syz5 [ 2801.375949] do_syscall_64+0x1e8/0x640 [ 2801.388467] mems_allowed=0-1 [ 2801.393837] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2801.393857] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2801.393864] RIP: 0033:0x45b399 [ 2801.393870] RSP: 002b:00007f93d8744c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2801.393882] RAX: ffffffffffffffda RBX: 00007f93d87456d4 RCX: 000000000045b399 [ 2801.393888] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2801.393894] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2801.393900] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2801.393905] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2801.566563] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2801.567427] CPU: 1 PID: 29911 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2801.585170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2801.594533] Call Trace: [ 2801.597137] dump_stack+0x142/0x197 [ 2801.600785] warn_alloc.cold+0x96/0x1af [ 2801.604627] syz-executor.2 cpuset= [ 2801.604766] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2801.604786] ? wait_for_completion+0x420/0x420 [ 2801.608789] syz2 [ 2801.613308] __alloc_pages_slowpath+0x23c6/0x2930 [ 2801.624766] ? warn_alloc+0xf0/0xf0 [ 2801.628445] ? __might_sleep+0x93/0xb0 [ 2801.632446] __alloc_pages_nodemask+0x62c/0x7a0 [ 2801.637132] ? rcu_read_lock_sched_held+0x110/0x130 [ 2801.644176] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2801.647756] mems_allowed=0-1 [ 2801.649295] ? check_preemption_disabled+0x3c/0x250 [ 2801.649315] alloc_pages_current+0xec/0x1e0 [ 2801.649331] kvm_mmu_create+0xdf/0x1e0 [ 2801.649351] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2801.670152] kvm_vcpu_init+0x272/0x360 [ 2801.674066] vmx_create_vcpu+0xfc/0x2aa0 [ 2801.678146] ? mutex_trylock+0x1c0/0x1c0 [ 2801.682333] ? handle_rdmsr+0x6e0/0x6e0 [ 2801.686322] ? wait_for_completion+0x420/0x420 [ 2801.691044] kvm_arch_vcpu_create+0x8c/0xc0 [ 2801.695390] kvm_vm_ioctl+0x501/0x1600 [ 2801.699319] ? __lock_acquire+0x5f7/0x4620 [ 2801.703571] ? find_held_lock+0x35/0x130 [ 2801.707667] ? kvm_vcpu_release+0xa0/0xa0 [ 2801.711861] ? retint_kernel+0x2d/0x2d [ 2801.715766] ? trace_hardirqs_on_caller+0x400/0x590 [ 2801.720799] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2801.725570] ? check_preemption_disabled+0x3c/0x250 [ 2801.730600] ? retint_kernel+0x2d/0x2d [ 2801.734509] ? selinux_file_ioctl+0x83/0x560 [ 2801.738942] ? selinux_file_ioctl+0xb8/0x560 [ 2801.743364] ? kvm_vcpu_release+0xa0/0xa0 [ 2801.747636] do_vfs_ioctl+0x7ae/0x1060 [ 2801.751541] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2801.756432] ? lock_downgrade+0x740/0x740 [ 2801.760593] ? ioctl_preallocate+0x1c0/0x1c0 [ 2801.765020] ? __fget+0x237/0x370 [ 2801.768487] ? security_file_ioctl+0x89/0xb0 [ 2801.772910] SyS_ioctl+0x8f/0xc0 [ 2801.776285] ? do_vfs_ioctl+0x1060/0x1060 [ 2801.780451] do_syscall_64+0x1e8/0x640 [ 2801.784356] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2801.789228] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2801.794438] RIP: 0033:0x45b399 [ 2801.797632] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2801.805359] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2801.808686] warn_alloc_show_mem: 1 callbacks suppressed [ 2801.808691] Mem-Info: [ 2801.812632] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2801.812638] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2801.812643] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2801.812648] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2801.854612] CPU: 0 PID: 29858 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2801.862536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2801.871895] Call Trace: [ 2801.874500] dump_stack+0x142/0x197 [ 2801.878122] warn_alloc.cold+0x96/0x1af [ 2801.882086] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2801.886939] ? wait_for_completion+0x420/0x420 [ 2801.891634] __alloc_pages_slowpath+0x23c6/0x2930 [ 2801.896485] ? warn_alloc+0xf0/0xf0 [ 2801.900149] ? __might_sleep+0x93/0xb0 [ 2801.904135] __alloc_pages_nodemask+0x62c/0x7a0 [ 2801.908815] ? retint_kernel+0x2d/0x2d [ 2801.912697] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2801.917718] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2801.922474] ? check_preemption_disabled+0x3c/0x250 [ 2801.927497] ? retint_kernel+0x2d/0x2d [ 2801.931395] alloc_pages_current+0xec/0x1e0 [ 2801.935717] kvm_mmu_create+0xdf/0x1e0 [ 2801.939601] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2801.943931] kvm_vcpu_init+0x272/0x360 [ 2801.947977] vmx_create_vcpu+0xfc/0x2aa0 [ 2801.952054] ? mutex_trylock+0x1c0/0x1c0 [ 2801.956118] ? retint_kernel+0x2d/0x2d [ 2801.960017] ? handle_rdmsr+0x6e0/0x6e0 [ 2801.964010] ? wait_for_completion+0x420/0x420 [ 2801.968609] kvm_arch_vcpu_create+0x8c/0xc0 [ 2801.972947] kvm_vm_ioctl+0x501/0x1600 [ 2801.976843] ? __lock_acquire+0x5f7/0x4620 [ 2801.981694] ? kvm_vcpu_release+0xa0/0xa0 [ 2801.985974] ? retint_kernel+0x2d/0x2d [ 2801.989893] ? trace_hardirqs_on_caller+0x400/0x590 [ 2801.994924] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2801.999696] ? check_preemption_disabled+0x3c/0x250 [ 2802.004718] ? retint_kernel+0x2d/0x2d [ 2802.008611] ? selinux_file_ioctl+0x24a/0x560 [ 2802.013112] ? kvm_vcpu_release+0xa0/0xa0 [ 2802.017402] do_vfs_ioctl+0x7ae/0x1060 [ 2802.021310] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2802.026078] ? lock_downgrade+0x740/0x740 [ 2802.030245] ? ioctl_preallocate+0x1c0/0x1c0 [ 2802.034671] ? __fget+0x237/0x370 [ 2802.038127] ? security_file_ioctl+0x89/0xb0 [ 2802.042545] SyS_ioctl+0x8f/0xc0 [ 2802.046020] ? do_vfs_ioctl+0x1060/0x1060 [ 2802.050281] do_syscall_64+0x1e8/0x640 [ 2802.054237] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2802.059094] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2802.064283] RIP: 0033:0x45b399 [ 2802.067460] RSP: 002b:00007fdd1026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2802.075172] RAX: ffffffffffffffda RBX: 00007fdd1026e6d4 RCX: 000000000045b399 [ 2802.082454] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2802.089729] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2802.097013] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2802.104292] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2802.145602] active_anon:1271472 inactive_anon:1219 isolated_anon:0 [ 2802.145602] active_file:2631 inactive_file:18476 isolated_file:2 [ 2802.145602] unevictable:0 dirty:32 writeback:4 unstable:0 [ 2802.145602] slab_reclaimable:25224 slab_unreclaimable:117892 [ 2802.145602] mapped:58571 shmem:244 pagetables:32563 bounce:0 [ 2802.145602] free:45838 free_pcp:180 free_cma:0 [ 2802.188771] Node 0 active_anon:1870792kB inactive_anon:4864kB active_file:12kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:208920kB dirty:8kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2802.224176] Node 1 active_anon:3216996kB inactive_anon:12kB active_file:10512kB inactive_file:78196kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25364kB dirty:4420kB writeback:16kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2802.260927] Node 0 DMA free:10488kB min:216kB low:268kB high:320kB active_anon:4132kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2802.295071] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2802.302296] Node 0 DMA32 free:33140kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:12kB inactive_file:8kB unevictable:0kB writepending:8kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:44kB local_pcp:0kB free_cma:0kB [ 2802.354932] lowmem_reserve[]: 0 0 0 0 0 [ 2802.413520] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2802.443472] lowmem_reserve[]: 0 0 0 0 0 [ 2802.448676] Node 1 Normal free:127960kB min:53504kB low:66880kB high:80256kB active_anon:3214044kB inactive_anon:12kB active_file:10512kB inactive_file:86584kB unevictable:0kB writepending:12596kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:22912kB pagetables:73996kB bounce:0kB free_pcp:1244kB local_pcp:560kB free_cma:0kB [ 2802.519803] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2802.531367] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2802.536917] CPU: 0 PID: 29915 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0 [ 2802.544816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2802.554180] Call Trace: [ 2802.556919] dump_stack+0x142/0x197 [ 2802.560563] warn_alloc.cold+0x96/0x1af [ 2802.564550] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2802.569403] ? check_preemption_disabled+0x3c/0x250 [ 2802.574434] ? retint_kernel+0x2d/0x2d [ 2802.578343] __alloc_pages_slowpath+0x23c6/0x2930 [ 2802.583245] ? warn_alloc+0xf0/0xf0 [ 2802.586893] ? __might_sleep+0x93/0xb0 [ 2802.590799] __alloc_pages_nodemask+0x62c/0x7a0 [ 2802.595475] ? retint_kernel+0x2d/0x2d [ 2802.599394] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2802.604425] ? __sanitizer_cov_trace_pc+0x29/0x60 [ 2802.609306] alloc_pages_current+0xec/0x1e0 [ 2802.613650] kvm_mmu_create+0xdf/0x1e0 [ 2802.617666] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2802.621987] kvm_vcpu_init+0x272/0x360 [ 2802.625876] vmx_create_vcpu+0xfc/0x2aa0 [ 2802.629967] ? mutex_trylock+0x1c0/0x1c0 [ 2802.634023] ? retint_kernel+0x2d/0x2d [ 2802.637910] ? handle_rdmsr+0x6e0/0x6e0 [ 2802.641891] ? wait_for_completion+0x420/0x420 [ 2802.646473] kvm_arch_vcpu_create+0x8c/0xc0 [ 2802.650816] kvm_vm_ioctl+0x501/0x1600 [ 2802.654805] ? __lock_acquire+0x5f7/0x4620 [ 2802.659043] ? kvm_vcpu_release+0xa0/0xa0 [ 2802.663197] ? trace_hardirqs_on+0x10/0x10 [ 2802.667444] ? retint_kernel+0x2d/0x2d [ 2802.671345] ? trace_hardirqs_on_caller+0x400/0x590 [ 2802.676368] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2802.681158] ? check_preemption_disabled+0x3c/0x250 [ 2802.686169] ? retint_kernel+0x2d/0x2d [ 2802.690054] ? do_vfs_ioctl+0xd29/0x1060 [ 2802.694115] ? kvm_vcpu_release+0xa0/0xa0 [ 2802.698267] do_vfs_ioctl+0x7ae/0x1060 [ 2802.702161] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2802.706911] ? lock_downgrade+0x740/0x740 [ 2802.711073] ? ioctl_preallocate+0x1c0/0x1c0 [ 2802.715495] ? __fget+0x237/0x370 [ 2802.718958] ? security_file_ioctl+0x89/0xb0 [ 2802.723362] SyS_ioctl+0x8f/0xc0 [ 2802.726744] ? do_vfs_ioctl+0x1060/0x1060 [ 2802.730898] do_syscall_64+0x1e8/0x640 [ 2802.734790] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2802.739635] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2802.744823] RIP: 0033:0x45b399 [ 2802.748013] RSP: 002b:00007f59c5343c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2802.755724] RAX: ffffffffffffffda RBX: 00007f59c53446d4 RCX: 000000000045b399 [ 2802.762995] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2802.770391] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2802.777654] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2802.784945] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2802.796927] lowmem_reserve[]: 0 0 0 0 0 [ 2802.801189] Node 0 DMA: 2*4kB (UM) 6*8kB (UMH) 6*16kB (UMEH) 3*32kB (UEH) 4*64kB (UMEH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10488kB [ 2802.818062] warn_alloc_show_mem: 1 callbacks suppressed [ 2802.818081] Mem-Info: [ 2802.826152] Node 0 DMA32: 391*4kB (UMH) 2598*8kB (UMEH) 657*16kB (UMEH) 1*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32892kB [ 2802.840278] active_anon:1271209 inactive_anon:1219 isolated_anon:0 [ 2802.840278] active_file:2630 inactive_file:18973 isolated_file:2 [ 2802.840278] unevictable:0 dirty:493 writeback:10 unstable:0 [ 2802.840278] slab_reclaimable:25382 slab_unreclaimable:117640 [ 2802.840278] mapped:58571 shmem:244 pagetables:32544 bounce:0 [ 2802.840278] free:45774 free_pcp:175 free_cma:0 [ 2802.881099] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2802.895754] Node 1 Normal: 154*4kB (UME) 253*8kB (UE) 205*16kB (UME) 388*32kB (UME) 265*64kB (UME) 134*128kB (UME) 73*256kB (UME) 31*512kB (UME) 12*1024kB (UME) 1*2048kB (E) 8*4096kB (M) = 134112kB [ 2802.919321] Node 0 active_anon:1870792kB inactive_anon:4864kB active_file:8kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:208920kB dirty:0kB writeback:20kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2802.954021] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2802.964323] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2802.977959] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2802.989708] Node 1 active_anon:3214044kB inactive_anon:12kB active_file:10512kB inactive_file:90284kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25364kB dirty:16372kB writeback:20kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2803.023277] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2803.033066] 25444 total pagecache pages [ 2803.037422] 0 pages in swap cache [ 2803.048291] Swap cache stats: add 0, delete 0, find 0/0 [ 2803.054946] Node 0 DMA free:10488kB min:216kB low:268kB high:320kB active_anon:4132kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2803.088780] Free swap = 0kB [ 2803.092238] Total swap = 0kB [ 2803.095561] 1965979 pages RAM [ 2803.098967] 0 pages HighMem/MovableOnly [ 2803.108772] 335855 pages reserved [ 2803.112939] 0 pages cma reserved [ 2803.118739] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2803.139646] Node 0 DMA32 free:32272kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:16kB inactive_file:4kB unevictable:0kB writepending:12kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:140kB local_pcp:40kB free_cma:0kB [ 2803.172288] lowmem_reserve[]: 0 0 0 0 0 [ 2803.176804] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2803.206764] lowmem_reserve[]: 0 0 0 0 0 [ 2803.212437] Node 1 Normal free:125752kB min:53504kB low:66880kB high:80256kB active_anon:3214032kB inactive_anon:12kB active_file:10512kB inactive_file:90300kB unevictable:0kB writepending:12372kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:22944kB pagetables:73848kB bounce:0kB free_pcp:736kB local_pcp:676kB free_cma:0kB [ 2803.265251] lowmem_reserve[]: 0 0 0 0 0 [ 2803.269549] Node 0 DMA: 2*4kB (UM) 6*8kB (UMH) 6*16kB (UMEH) 3*32kB (UEH) 4*64kB (UMEH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10488kB [ 2803.289855] Node 0 DMA32: 392*4kB (UMEH) 2562*8kB (UMEH) 640*16kB (UMEH) 1*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32336kB [ 2803.313253] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2803.326277] Node 1 Normal: 397*4kB (UME) 602*8kB (UME) 447*16kB (UME) 179*32kB (UME) 277*64kB (UME) 135*128kB (UME) 73*256kB (UME) 31*512kB (UME) 12*1024kB (UME) 1*2048kB (E) 8*4096kB (M) = 135956kB [ 2803.349987] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2803.359619] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2803.381083] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2803.391610] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2803.401901] 21361 total pagecache pages [ 2803.410549] 0 pages in swap cache [ 2803.414112] Swap cache stats: add 0, delete 0, find 0/0 [ 2803.419551] Free swap = 0kB [ 2803.423349] Total swap = 0kB [ 2803.426499] 1965979 pages RAM [ 2803.429650] 0 pages HighMem/MovableOnly [ 2803.434367] 335855 pages reserved [ 2803.438026] 0 pages cma reserved 12:40:53 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:53 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:53 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:53 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:53 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:53 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:53 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:53 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:54 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2804.312522] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2804.359772] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2804.367086] CPU: 1 PID: 29948 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2804.375008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2804.384473] Call Trace: [ 2804.387072] dump_stack+0x142/0x197 [ 2804.390715] warn_alloc.cold+0x96/0x1af [ 2804.394797] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2804.399663] ? wait_for_completion+0x420/0x420 [ 2804.404419] __alloc_pages_slowpath+0x23c6/0x2930 [ 2804.409311] ? warn_alloc+0xf0/0xf0 [ 2804.412963] ? __might_sleep+0x93/0xb0 [ 2804.416886] __alloc_pages_nodemask+0x62c/0x7a0 [ 2804.421577] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2804.426613] ? retint_kernel+0x2d/0x2d [ 2804.430517] alloc_pages_current+0xec/0x1e0 [ 2804.434857] kvm_mmu_create+0xdf/0x1e0 [ 2804.438887] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2804.443226] kvm_vcpu_init+0x272/0x360 [ 2804.447129] vmx_create_vcpu+0xfc/0x2aa0 [ 2804.451212] ? handle_rdmsr+0x6e0/0x6e0 [ 2804.455204] ? wait_for_completion+0x420/0x420 [ 2804.459805] kvm_arch_vcpu_create+0x8c/0xc0 [ 2804.464142] kvm_vm_ioctl+0x501/0x1600 [ 2804.468043] ? __lock_acquire+0x5f7/0x4620 [ 2804.472284] ? mark_held_locks+0xb1/0x100 [ 2804.476440] ? kvm_vcpu_release+0xa0/0xa0 [ 2804.480634] ? retint_kernel+0x2d/0x2d [ 2804.484535] ? trace_hardirqs_on_caller+0x400/0x590 [ 2804.489563] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2804.494331] ? check_preemption_disabled+0x3c/0x250 [ 2804.499363] ? retint_kernel+0x2d/0x2d [ 2804.503273] ? selinux_file_ioctl+0x24a/0x560 [ 2804.507779] ? kvm_vcpu_release+0xa0/0xa0 [ 2804.511936] do_vfs_ioctl+0x7ae/0x1060 [ 2804.515849] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2804.520613] ? lock_downgrade+0x740/0x740 [ 2804.524800] ? ioctl_preallocate+0x1c0/0x1c0 [ 2804.529226] ? __fget+0x237/0x370 [ 2804.532695] ? security_file_ioctl+0x89/0xb0 [ 2804.537118] SyS_ioctl+0x8f/0xc0 [ 2804.540501] ? do_vfs_ioctl+0x1060/0x1060 [ 2804.544662] do_syscall_64+0x1e8/0x640 [ 2804.548554] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2804.553428] entry_SYSCALL_64_after_hwframe+0x42/0xb7 12:40:54 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2804.558639] RIP: 0033:0x45b399 [ 2804.558836] syz-executor.5: [ 2804.561847] RSP: 002b:00007fdd1026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2804.561858] RAX: ffffffffffffffda RBX: 00007fdd1026e6d4 RCX: 000000000045b399 [ 2804.561863] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2804.561867] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2804.561872] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2804.561876] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c 12:40:54 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2804.712178] warn_alloc_show_mem: 1 callbacks suppressed [ 2804.712190] Mem-Info: [ 2804.723767] active_anon:1271527 inactive_anon:1219 isolated_anon:0 [ 2804.723767] active_file:2631 inactive_file:24333 isolated_file:2 [ 2804.723767] unevictable:0 dirty:5863 writeback:25 unstable:0 [ 2804.723767] slab_reclaimable:25974 slab_unreclaimable:116236 [ 2804.723767] mapped:58571 shmem:244 pagetables:32568 bounce:0 [ 2804.723767] free:40665 free_pcp:302 free_cma:0 [ 2804.776383] Node 0 active_anon:1870792kB inactive_anon:4864kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2804.808777] Node 1 active_anon:3215416kB inactive_anon:12kB active_file:10516kB inactive_file:87528kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25368kB dirty:13648kB writeback:100kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2804.843067] Node 0 DMA free:10488kB min:216kB low:268kB high:320kB active_anon:4132kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2804.851388] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2804.882722] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2804.888884] CPU: 0 PID: 29942 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2804.896782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2804.906143] Call Trace: [ 2804.908746] dump_stack+0x142/0x197 [ 2804.910092] lowmem_reserve[]: [ 2804.912379] warn_alloc.cold+0x96/0x1af [ 2804.912488] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2804.915617] 0 [ 2804.919544] ? __mutex_unlock_slowpath+0x281/0x800 [ 2804.919561] ? wait_for_completion+0x420/0x420 [ 2804.929778] 2569 [ 2804.931122] __alloc_pages_slowpath+0x23c6/0x2930 [ 2804.931149] ? warn_alloc+0xf0/0xf0 [ 2804.931161] ? retint_kernel+0x2d/0x2d [ 2804.931180] __alloc_pages_nodemask+0x62c/0x7a0 [ 2804.935797] 2569 [ 2804.937811] ? rcu_read_lock_sched_held+0x110/0x130 [ 2804.937827] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2804.942999] 2569 [ 2804.946329] alloc_pages_current+0xec/0x1e0 [ 2804.946347] kvm_mmu_create+0xdf/0x1e0 [ 2804.946361] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2804.946378] kvm_vcpu_init+0x272/0x360 [ 2804.950321] 2569 [ 2804.954934] vmx_create_vcpu+0xfc/0x2aa0 [ 2804.954948] ? mutex_trylock+0x1c0/0x1c0 [ 2804.962983] ? handle_rdmsr+0x6e0/0x6e0 [ 2804.962996] ? wait_for_completion+0x420/0x420 [ 2804.963010] kvm_arch_vcpu_create+0x8c/0xc0 [ 2804.963024] kvm_vm_ioctl+0x501/0x1600 [ 2804.963036] ? __lock_acquire+0x5f7/0x4620 [ 2804.963050] ? kvm_vcpu_release+0xa0/0xa0 [ 2804.963066] ? trace_hardirqs_on+0x10/0x10 [ 2804.968446] Node 0 [ 2804.970220] ? trace_hardirqs_on+0x10/0x10 [ 2804.970232] ? __might_fault+0x110/0x1d0 [ 2804.970244] ? save_trace+0x290/0x290 [ 2804.974738] DMA32 free:30288kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:8kB inactive_file:4kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:364kB local_pcp:192kB free_cma:0kB [ 2804.978692] ? __might_fault+0x110/0x1d0 [ 2804.978706] ? __fget+0x210/0x370 [ 2804.978719] ? retint_kernel+0x2d/0x2d [ 2804.978737] ? kvm_vcpu_release+0xa0/0xa0 [ 2804.983312] lowmem_reserve[]: [ 2804.986951] do_vfs_ioctl+0x7ae/0x1060 [ 2804.986966] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2804.986977] ? check_preemption_disabled+0x3c/0x250 [ 2804.986989] ? ioctl_preallocate+0x1c0/0x1c0 [ 2804.987010] ? security_file_ioctl+0x89/0xb0 [ 2804.989092] 0 [ 2804.993207] SyS_ioctl+0x8f/0xc0 [ 2804.993217] ? do_vfs_ioctl+0x1060/0x1060 [ 2804.993228] do_syscall_64+0x1e8/0x640 [ 2804.993237] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2804.993253] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2804.993262] RIP: 0033:0x45b399 [ 2804.993267] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2804.997739] 0 [ 2805.001416] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2805.001422] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2805.001427] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2805.001433] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2805.001438] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2805.314049] 0 0 0 [ 2805.316830] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2805.343489] lowmem_reserve[]: 0 0 0 0 0 [ 2805.348364] Node 1 Normal free:129552kB min:53504kB low:66880kB high:80256kB active_anon:3215568kB inactive_anon:12kB active_file:10516kB inactive_file:90180kB unevictable:0kB writepending:16656kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23264kB pagetables:74188kB bounce:0kB free_pcp:376kB local_pcp:152kB free_cma:0kB [ 2805.415806] lowmem_reserve[]: 0 0 0 0 0 [ 2805.421390] Node 0 DMA: 2*4kB (UM) 6*8kB (UMH) 6*16kB (UMEH) 3*32kB (UEH) 4*64kB (UMEH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10488kB [ 2805.442002] Node 0 DMA32: 384*4kB (UMEH) 2367*8kB (UMEH) 570*16kB (UMEH) 1*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29624kB [ 2805.457742] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2805.469825] Node 1 Normal: 112*4kB (UE) 187*8kB (UE) 132*16kB (UME) 228*32kB (UME) 280*64kB (UME) 140*128kB (UME) 85*256kB (UME) 29*512kB (UME) 13*1024kB (UME) 1*2048kB (E) 8*4096kB (M) = 131928kB [ 2805.499469] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2805.510070] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2805.519366] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2805.534768] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2805.544632] 25480 total pagecache pages [ 2805.549861] 0 pages in swap cache [ 2805.562932] Swap cache stats: add 0, delete 0, find 0/0 [ 2805.575506] Free swap = 0kB [ 2805.587786] Total swap = 0kB [ 2805.596937] 1965979 pages RAM [ 2805.606396] 0 pages HighMem/MovableOnly [ 2805.611712] 335855 pages reserved [ 2805.615599] 0 pages cma reserved 12:40:55 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:55 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:55 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:55 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2805.677304] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2805.688150] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2805.702235] CPU: 0 PID: 29944 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0 [ 2805.710171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2805.719652] Call Trace: [ 2805.722255] dump_stack+0x142/0x197 [ 2805.725918] warn_alloc.cold+0x96/0x1af [ 2805.729972] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2805.734836] ? wait_for_completion+0x420/0x420 [ 2805.739446] __alloc_pages_slowpath+0x23c6/0x2930 [ 2805.744320] ? warn_alloc+0xf0/0xf0 [ 2805.747968] ? __might_sleep+0x93/0xb0 [ 2805.751873] __alloc_pages_nodemask+0x62c/0x7a0 [ 2805.756558] ? rcu_read_lock_sched_held+0x110/0x130 [ 2805.761587] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2805.766632] alloc_pages_current+0xec/0x1e0 [ 2805.770968] kvm_mmu_create+0xdf/0x1e0 [ 2805.774873] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2805.779210] kvm_vcpu_init+0x272/0x360 [ 2805.783112] vmx_create_vcpu+0xfc/0x2aa0 [ 2805.787183] ? mutex_trylock+0x1c0/0x1c0 [ 2805.791266] ? handle_rdmsr+0x6e0/0x6e0 [ 2805.795255] ? wait_for_completion+0x420/0x420 [ 2805.799858] kvm_arch_vcpu_create+0x8c/0xc0 [ 2805.804197] kvm_vm_ioctl+0x501/0x1600 [ 2805.808103] ? __lock_acquire+0x5f7/0x4620 [ 2805.812353] ? find_held_lock+0x35/0x130 [ 2805.816435] ? kvm_vcpu_release+0xa0/0xa0 [ 2805.820603] ? retint_kernel+0x2d/0x2d [ 2805.824520] ? retint_kernel+0x2d/0x2d [ 2805.828422] ? trace_hardirqs_on_caller+0x400/0x590 [ 2805.833456] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2805.838223] ? check_preemption_disabled+0x3c/0x250 [ 2805.843252] ? retint_kernel+0x2d/0x2d [ 2805.847159] ? do_vfs_ioctl+0x74f/0x1060 [ 2805.851233] ? kvm_vcpu_release+0xa0/0xa0 [ 2805.855407] do_vfs_ioctl+0x7ae/0x1060 [ 2805.859309] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2805.864426] ? lock_downgrade+0x740/0x740 [ 2805.868589] ? ioctl_preallocate+0x1c0/0x1c0 [ 2805.873014] ? __fget+0x237/0x370 [ 2805.876485] ? security_file_ioctl+0x89/0xb0 [ 2805.880911] SyS_ioctl+0x8f/0xc0 [ 2805.884285] ? do_vfs_ioctl+0x1060/0x1060 [ 2805.888442] do_syscall_64+0x1e8/0x640 [ 2805.892467] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2805.897332] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2805.902528] RIP: 0033:0x45b399 [ 2805.905721] RSP: 002b:00007f59c5343c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2805.913460] RAX: ffffffffffffffda RBX: 00007f59c53446d4 RCX: 000000000045b399 [ 2805.920738] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2805.928014] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2805.935458] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2805.942737] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c 12:40:56 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2806.035053] warn_alloc_show_mem: 1 callbacks suppressed [ 2806.035057] Mem-Info: [ 2806.047759] active_anon:1271968 inactive_anon:1218 isolated_anon:0 [ 2806.047759] active_file:2632 inactive_file:26295 isolated_file:1 [ 2806.047759] unevictable:0 dirty:6170 writeback:14 unstable:0 [ 2806.047759] slab_reclaimable:26295 slab_unreclaimable:115747 [ 2806.047759] mapped:58571 shmem:244 pagetables:32623 bounce:0 [ 2806.047759] free:38278 free_pcp:313 free_cma:0 [ 2806.087786] Node 0 active_anon:1870792kB inactive_anon:4864kB active_file:12kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2806.120370] Node 1 active_anon:3217136kB inactive_anon:12kB active_file:10524kB inactive_file:102788kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25368kB dirty:24776kB writeback:32kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2806.153974] Node 0 DMA free:10488kB min:216kB low:268kB high:320kB active_anon:4132kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2806.185533] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2806.194509] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2806.196477] Node 0 [ 2806.216152] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 2806.230975] CPU: 1 PID: 30015 Comm: syz-executor.3 Not tainted 4.14.169-syzkaller #0 [ 2806.235554] DMA32 free:29004kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:4kB inactive_file:8kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:364kB local_pcp:128kB free_cma:0kB [ 2806.238885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2806.238890] Call Trace: [ 2806.238910] dump_stack+0x142/0x197 [ 2806.238927] warn_alloc.cold+0x96/0x1af [ 2806.238937] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2806.238954] ? wait_for_completion+0x420/0x420 [ 2806.238967] __alloc_pages_slowpath+0x23c6/0x2930 [ 2806.238990] ? warn_alloc+0xf0/0xf0 [ 2806.239010] ? __might_sleep+0x93/0xb0 [ 2806.308892] __alloc_pages_nodemask+0x62c/0x7a0 [ 2806.313591] ? rcu_read_lock_sched_held+0x110/0x130 [ 2806.318619] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2806.323794] alloc_pages_current+0xec/0x1e0 [ 2806.328143] kvm_mmu_create+0xdf/0x1e0 [ 2806.332142] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2806.336474] kvm_vcpu_init+0x272/0x360 [ 2806.340420] vmx_create_vcpu+0xfc/0x2aa0 [ 2806.344501] ? mutex_trylock+0x1c0/0x1c0 [ 2806.348579] ? handle_rdmsr+0x6e0/0x6e0 [ 2806.352665] ? wait_for_completion+0x420/0x420 [ 2806.357274] kvm_arch_vcpu_create+0x8c/0xc0 [ 2806.361851] kvm_vm_ioctl+0x501/0x1600 [ 2806.365762] ? __lock_acquire+0x5f7/0x4620 [ 2806.369545] lowmem_reserve[]: [ 2806.370011] ? save_trace+0x290/0x290 [ 2806.373955] 0 [ 2806.377044] ? kvm_vcpu_release+0xa0/0xa0 [ 2806.377057] ? trace_hardirqs_on+0x10/0x10 [ 2806.377073] ? trace_hardirqs_on+0x10/0x10 [ 2806.377083] ? __might_fault+0x110/0x1d0 [ 2806.377094] ? save_trace+0x290/0x290 [ 2806.389262] 0 [ 2806.391508] ? __might_fault+0x110/0x1d0 [ 2806.391519] ? __fget+0x210/0x370 [ 2806.391531] ? find_held_lock+0x35/0x130 [ 2806.391542] ? __fget+0x210/0x370 [ 2806.391557] ? kvm_vcpu_release+0xa0/0xa0 [ 2806.391569] do_vfs_ioctl+0x7ae/0x1060 [ 2806.391580] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2806.391588] ? lock_downgrade+0x740/0x740 [ 2806.391599] ? ioctl_preallocate+0x1c0/0x1c0 [ 2806.391611] ? __fget+0x237/0x370 [ 2806.391629] ? security_file_ioctl+0x89/0xb0 [ 2806.391642] SyS_ioctl+0x8f/0xc0 [ 2806.391651] ? do_vfs_ioctl+0x1060/0x1060 [ 2806.391664] do_syscall_64+0x1e8/0x640 [ 2806.391674] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2806.391692] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2806.391700] RIP: 0033:0x45b399 [ 2806.391704] RSP: 002b:00007f93d8723c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2806.391714] RAX: ffffffffffffffda RBX: 00007f93d87246d4 RCX: 000000000045b399 [ 2806.391719] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 2806.391724] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2806.391729] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2806.391734] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bfd4 [ 2806.532663] 0 0 0 [ 2806.534963] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2806.565551] lowmem_reserve[]: 0 0 0 0 0 [ 2806.569813] Node 1 Normal free:144204kB min:53504kB low:66880kB high:80256kB active_anon:3217136kB inactive_anon:12kB active_file:10524kB inactive_file:76088kB unevictable:0kB writepending:2164kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23104kB pagetables:74332kB bounce:0kB free_pcp:1376kB local_pcp:668kB free_cma:0kB [ 2806.581978] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2806.612280] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2806.618066] CPU: 1 PID: 30005 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2806.625962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2806.635454] Call Trace: [ 2806.638055] dump_stack+0x142/0x197 [ 2806.641698] warn_alloc.cold+0x96/0x1af [ 2806.645683] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2806.647134] lowmem_reserve[]: [ 2806.650544] ? wait_for_completion+0x420/0x420 [ 2806.650564] __alloc_pages_slowpath+0x23c6/0x2930 [ 2806.650577] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2806.650596] ? warn_alloc+0xf0/0xf0 [ 2806.650615] ? __might_sleep+0x93/0xb0 [ 2806.650626] __alloc_pages_nodemask+0x62c/0x7a0 [ 2806.650639] ? rcu_read_lock_sched_held+0x110/0x130 [ 2806.655673] 0 [ 2806.658339] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2806.658357] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2806.658374] alloc_pages_current+0xec/0x1e0 [ 2806.658388] kvm_mmu_create+0xdf/0x1e0 [ 2806.658402] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2806.668938] 0 [ 2806.671633] kvm_vcpu_init+0x272/0x360 [ 2806.671649] vmx_create_vcpu+0xfc/0x2aa0 [ 2806.671662] ? mutex_trylock+0x1c0/0x1c0 [ 2806.671678] ? handle_rdmsr+0x6e0/0x6e0 [ 2806.671688] ? wait_for_completion+0x420/0x420 [ 2806.671702] kvm_arch_vcpu_create+0x8c/0xc0 [ 2806.671714] kvm_vm_ioctl+0x501/0x1600 [ 2806.671726] ? __lock_acquire+0x5f7/0x4620 [ 2806.671734] ? find_held_lock+0x35/0x130 [ 2806.671748] ? kvm_vcpu_release+0xa0/0xa0 [ 2806.676073] 0 [ 2806.680325] ? trace_hardirqs_on+0x10/0x10 [ 2806.680341] ? trace_hardirqs_on+0x10/0x10 [ 2806.680352] ? __might_fault+0x110/0x1d0 [ 2806.680363] ? save_trace+0x290/0x290 [ 2806.680370] ? __might_fault+0x110/0x1d0 [ 2806.680381] ? __fget+0x210/0x370 [ 2806.680393] ? retint_kernel+0x2d/0x2d [ 2806.680404] ? trace_hardirqs_on_caller+0x400/0x590 [ 2806.680417] ? kvm_vcpu_release+0xa0/0xa0 [ 2806.680428] do_vfs_ioctl+0x7ae/0x1060 [ 2806.680440] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2806.680452] ? ioctl_preallocate+0x1c0/0x1c0 [ 2806.680466] ? __fget_light+0x19b/0x1f0 [ 2806.680481] ? security_file_ioctl+0x89/0xb0 [ 2806.680493] SyS_ioctl+0x8f/0xc0 [ 2806.690538] 0 [ 2806.692314] ? do_vfs_ioctl+0x1060/0x1060 [ 2806.692330] do_syscall_64+0x1e8/0x640 [ 2806.692340] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2806.692357] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2806.692367] RIP: 0033:0x45b399 [ 2806.697542] 0 [ 2806.701440] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2806.701452] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2806.701457] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2806.701462] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2806.701468] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2806.701474] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2806.893267] Node 0 DMA: 2*4kB (UM) 6*8kB (UMH) 6*16kB (UMEH) 3*32kB (UEH) 4*64kB (UMEH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10488kB [ 2806.915195] Node 0 DMA32: 383*4kB (UMH) 2314*8kB (UMEH) 559*16kB (UMEH) 1*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29020kB [ 2806.929589] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2806.945928] Node 1 Normal: 141*4kB (UME) 148*8kB (UME) 111*16kB (UME) 257*32kB (UME) 283*64kB (UME) 141*128kB (UME) 89*256kB (UME) 28*512kB (UE) 12*1024kB (UME) 1*2048kB (E) 8*4096kB (M) = 132132kB [ 2806.973294] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2806.989187] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2806.999322] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2807.013287] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2807.025645] 24963 total pagecache pages [ 2807.030498] 0 pages in swap cache [ 2807.034198] Swap cache stats: add 0, delete 0, find 0/0 [ 2807.039931] Free swap = 0kB [ 2807.043525] Total swap = 0kB 12:40:57 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:57 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:57 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:57 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2807.046715] 1965979 pages RAM [ 2807.050214] 0 pages HighMem/MovableOnly [ 2807.054399] 335855 pages reserved [ 2807.057991] 0 pages cma reserved [ 2807.375902] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2807.389589] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 2807.397131] CPU: 0 PID: 30033 Comm: syz-executor.3 Not tainted 4.14.169-syzkaller #0 [ 2807.405048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2807.414422] Call Trace: [ 2807.417026] dump_stack+0x142/0x197 [ 2807.420690] warn_alloc.cold+0x96/0x1af [ 2807.424801] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2807.429669] ? wait_for_completion+0x420/0x420 [ 2807.434404] __alloc_pages_slowpath+0x23c6/0x2930 [ 2807.439282] ? warn_alloc+0xf0/0xf0 [ 2807.442956] ? __might_sleep+0x93/0xb0 [ 2807.446878] __alloc_pages_nodemask+0x62c/0x7a0 [ 2807.451708] ? rcu_read_lock_sched_held+0x110/0x130 [ 2807.456844] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2807.457614] syz-executor.2: [ 2807.461894] alloc_pages_current+0xec/0x1e0 [ 2807.461910] kvm_mmu_create+0xdf/0x1e0 [ 2807.461923] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2807.461937] kvm_vcpu_init+0x272/0x360 [ 2807.461951] vmx_create_vcpu+0xfc/0x2aa0 [ 2807.461961] ? mutex_trylock+0x1c0/0x1c0 [ 2807.461978] ? handle_rdmsr+0x6e0/0x6e0 [ 2807.461988] ? wait_for_completion+0x420/0x420 [ 2807.462002] kvm_arch_vcpu_create+0x8c/0xc0 [ 2807.462016] kvm_vm_ioctl+0x501/0x1600 [ 2807.470840] page allocation failure: order:0 [ 2807.473238] ? __lock_acquire+0x5f7/0x4620 [ 2807.473248] ? find_held_lock+0x35/0x130 [ 2807.473264] ? kvm_vcpu_release+0xa0/0xa0 [ 2807.473275] ? trace_hardirqs_on+0x10/0x10 [ 2807.473290] ? trace_hardirqs_on+0x10/0x10 [ 2807.473306] ? __might_fault+0x110/0x1d0 [ 2807.481002] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 2807.481629] ? save_trace+0x290/0x290 [ 2807.481641] ? __might_fault+0x110/0x1d0 [ 2807.481654] ? __fget+0x210/0x370 [ 2807.481668] ? find_held_lock+0x35/0x130 [ 2807.489185] (null) [ 2807.489781] ? __fget+0x210/0x370 [ 2807.489797] ? kvm_vcpu_release+0xa0/0xa0 [ 2807.489814] do_vfs_ioctl+0x7ae/0x1060 [ 2807.494398] syz-executor.2 cpuset= 12:40:57 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2807.498482] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2807.498494] ? lock_downgrade+0x740/0x740 [ 2807.498506] ? ioctl_preallocate+0x1c0/0x1c0 [ 2807.498519] ? __fget+0x237/0x370 [ 2807.498536] ? security_file_ioctl+0x89/0xb0 [ 2807.498548] SyS_ioctl+0x8f/0xc0 [ 2807.498558] ? do_vfs_ioctl+0x1060/0x1060 [ 2807.498571] do_syscall_64+0x1e8/0x640 [ 2807.498587] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2807.504503] syz2 [ 2807.506805] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2807.512020] mems_allowed=0-1 [ 2807.515427] RIP: 0033:0x45b399 [ 2807.515434] RSP: 002b:00007f93d8744c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2807.515444] RAX: ffffffffffffffda RBX: 00007f93d87456d4 RCX: 000000000045b399 [ 2807.515449] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 2807.515455] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2807.515459] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2807.515465] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2807.524453] warn_alloc_show_mem: 2 callbacks suppressed [ 2807.524457] Mem-Info: [ 2807.524482] active_anon:1272525 inactive_anon:1219 isolated_anon:0 [ 2807.524482] active_file:2636 inactive_file:22611 isolated_file:0 [ 2807.524482] unevictable:0 dirty:11 writeback:0 unstable:0 [ 2807.524482] slab_reclaimable:26478 slab_unreclaimable:115279 [ 2807.524482] mapped:58573 shmem:244 pagetables:32710 bounce:0 [ 2807.524482] free:41636 free_pcp:276 free_cma:0 [ 2807.524500] Node 0 active_anon:1870792kB inactive_anon:4864kB active_file:16kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2807.524517] Node 1 active_anon:3219308kB inactive_anon:12kB active_file:10528kB inactive_file:90440kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25376kB dirty:40kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2807.524521] Node 0 DMA free:10488kB min:216kB low:268kB high:320kB active_anon:4132kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2807.524543] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2807.524565] Node 0 DMA32 free:28392kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:16kB inactive_file:4kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:320kB local_pcp:96kB free_cma:0kB [ 2807.524587] lowmem_reserve[]: 0 0 0 0 0 [ 2807.524607] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2807.524627] lowmem_reserve[]: 0 0 0 0 0 [ 2807.524655] Node 1 Normal free:127664kB min:53504kB low:66880kB high:80256kB active_anon:3219308kB inactive_anon:12kB active_file:10528kB inactive_file:90440kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23392kB pagetables:74660kB bounce:0kB free_pcp:784kB local_pcp:152kB free_cma:0kB [ 2807.524678] lowmem_reserve[]: 0 0 0 0 0 [ 2807.524697] Node 0 DMA: 2*4kB (UM) 6*8kB (UMH) 6*16kB (UMEH) 3*32kB [ 2807.545967] CPU: 1 PID: 30009 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2807.548570] (UEH) [ 2807.551359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2807.551364] Call Trace: [ 2807.551384] dump_stack+0x142/0x197 [ 2807.551400] warn_alloc.cold+0x96/0x1af [ 2807.551409] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2807.551427] ? wait_for_completion+0x420/0x420 [ 2807.551442] __alloc_pages_slowpath+0x23c6/0x2930 [ 2807.555340] 4*64kB [ 2807.559090] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2807.559125] ? warn_alloc+0xf0/0xf0 [ 2807.559148] ? __might_sleep+0x93/0xb0 [ 2807.562011] (UMEH) [ 2807.564855] __alloc_pages_nodemask+0x62c/0x7a0 [ 2807.564868] ? retint_kernel+0x2d/0x2d [ 2807.564881] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2807.564890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2807.564903] ? check_preemption_disabled+0x3c/0x250 [ 2807.569416] 4*128kB [ 2807.572929] ? retint_kernel+0x2d/0x2d [ 2807.572945] alloc_pages_current+0xec/0x1e0 [ 2807.572959] kvm_mmu_create+0xdf/0x1e0 [ 2807.572971] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2807.572985] kvm_vcpu_init+0x272/0x360 [ 2807.572999] vmx_create_vcpu+0xfc/0x2aa0 [ 2807.573012] ? check_preemption_disabled+0x3c/0x250 [ 2807.573024] ? handle_rdmsr+0x6e0/0x6e0 [ 2807.573041] kvm_arch_vcpu_create+0x8c/0xc0 [ 2807.577014] (UMEH) [ 2807.581351] kvm_vm_ioctl+0x501/0x1600 [ 2807.581364] ? __lock_acquire+0x5f7/0x4620 [ 2807.581374] ? mark_held_locks+0xb1/0x100 [ 2807.581388] ? kvm_vcpu_release+0xa0/0xa0 [ 2807.581399] ? retint_kernel+0x2d/0x2d [ 2807.581410] ? trace_hardirqs_on_caller+0x400/0x590 [ 2807.581421] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2807.581434] ? check_preemption_disabled+0x3c/0x250 [ 2807.581446] ? retint_kernel+0x2d/0x2d [ 2807.586093] 3*256kB [ 2807.590008] ? selinux_file_ioctl+0x83/0x560 [ 2807.590019] ? selinux_file_ioctl+0xb8/0x560 [ 2807.590035] ? kvm_vcpu_release+0xa0/0xa0 [ 2807.590047] do_vfs_ioctl+0x7ae/0x1060 [ 2807.590057] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2807.590066] ? lock_downgrade+0x740/0x740 [ 2807.590077] ? ioctl_preallocate+0x1c0/0x1c0 [ 2807.590088] ? __fget+0x237/0x370 [ 2807.590103] ? security_file_ioctl+0x89/0xb0 [ 2807.590115] SyS_ioctl+0x8f/0xc0 [ 2807.590125] ? do_vfs_ioctl+0x1060/0x1060 [ 2807.590136] do_syscall_64+0x1e8/0x640 [ 2807.590151] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2807.594114] (MEH) [ 2807.598014] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2807.598024] RIP: 0033:0x45b399 [ 2807.598029] RSP: 002b:00007fdd1026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2807.598041] RAX: ffffffffffffffda RBX: 00007fdd1026e6d4 RCX: 000000000045b399 [ 2807.598047] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2807.598052] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2807.598057] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 12:40:58 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2807.598066] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c 12:40:58 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2807.603029] 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10488kB [ 2808.309714] Node 0 DMA32: 382*4kB (UMEH) 2266*8kB (UMEH) 545*16kB (UMEH) 1*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28408kB [ 2808.324242] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2808.335713] Node 1 Normal: 358*4kB (ME) 593*8kB (UME) 599*16kB (UME) 335*32kB (UME) 143*64kB (UME) 128*128kB (UME) 85*256kB (UE) 29*512kB (UME) 11*1024kB (UME) 1*2048kB (E) 8*4096kB (M) = 134704kB [ 2808.354250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2808.363571] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2808.372728] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2808.382152] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2808.391429] 21440 total pagecache pages [ 2808.395914] 0 pages in swap cache [ 2808.399845] Swap cache stats: add 0, delete 0, find 0/0 [ 2808.405654] Free swap = 0kB [ 2808.408943] Total swap = 0kB [ 2808.412409] 1965979 pages RAM [ 2808.415824] 0 pages HighMem/MovableOnly [ 2808.420163] 335855 pages reserved [ 2808.423921] 0 pages cma reserved [ 2808.918850] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2808.930465] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2808.936086] CPU: 1 PID: 30054 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0 [ 2808.943987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2808.953482] Call Trace: [ 2808.956092] dump_stack+0x142/0x197 [ 2808.959736] warn_alloc.cold+0x96/0x1af [ 2808.963721] ? zone_watermark_ok_safe+0x2b0/0x2b0 12:40:59 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:40:59 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:40:59 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2808.968593] ? wait_for_completion+0x420/0x420 [ 2808.973205] __alloc_pages_slowpath+0x23c6/0x2930 [ 2808.978235] ? warn_alloc+0xf0/0xf0 [ 2808.981904] ? __might_sleep+0x93/0xb0 [ 2808.985953] __alloc_pages_nodemask+0x62c/0x7a0 [ 2808.990647] ? trace_hardirqs_on_caller+0x400/0x590 [ 2808.995773] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2809.000827] alloc_pages_current+0xec/0x1e0 [ 2809.005178] kvm_mmu_create+0xdf/0x1e0 [ 2809.009087] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2809.013422] kvm_vcpu_init+0x272/0x360 [ 2809.017444] vmx_create_vcpu+0xfc/0x2aa0 [ 2809.021524] ? mutex_trylock+0x1c0/0x1c0 [ 2809.025676] ? handle_rdmsr+0x6e0/0x6e0 [ 2809.029654] ? wait_for_completion+0x420/0x420 [ 2809.034269] kvm_arch_vcpu_create+0x8c/0xc0 [ 2809.038594] kvm_vm_ioctl+0x501/0x1600 [ 2809.042476] ? __lock_acquire+0x5f7/0x4620 [ 2809.046848] ? mark_held_locks+0xb1/0x100 [ 2809.051008] ? kvm_vcpu_release+0xa0/0xa0 [ 2809.055395] ? retint_kernel+0x2d/0x2d [ 2809.059309] ? trace_hardirqs_on_caller+0x400/0x590 [ 2809.064350] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2809.069172] ? check_preemption_disabled+0x3c/0x250 [ 2809.074200] ? retint_kernel+0x2d/0x2d [ 2809.078216] ? selinux_file_ioctl+0x19a/0x560 [ 2809.082718] ? selinux_file_ioctl+0x206/0x560 [ 2809.087213] ? kvm_vcpu_release+0xa0/0xa0 [ 2809.091365] do_vfs_ioctl+0x7ae/0x1060 [ 2809.095251] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2809.100017] ? lock_downgrade+0x740/0x740 [ 2809.104190] ? ioctl_preallocate+0x1c0/0x1c0 [ 2809.108617] ? __fget+0x237/0x370 [ 2809.112083] ? security_file_ioctl+0x89/0xb0 [ 2809.116504] SyS_ioctl+0x8f/0xc0 [ 2809.119868] ? do_vfs_ioctl+0x1060/0x1060 [ 2809.124025] do_syscall_64+0x1e8/0x640 [ 2809.128044] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2809.132912] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2809.138094] RIP: 0033:0x45b399 [ 2809.141407] RSP: 002b:00007f59c5343c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2809.149121] RAX: ffffffffffffffda RBX: 00007f59c53446d4 RCX: 000000000045b399 [ 2809.156426] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2809.163711] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2809.171939] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2809.179226] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2809.198580] warn_alloc_show_mem: 1 callbacks suppressed [ 2809.198584] Mem-Info: [ 2809.207400] active_anon:1274981 inactive_anon:1219 isolated_anon:0 [ 2809.207400] active_file:2640 inactive_file:22618 isolated_file:0 12:40:59 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2809.207400] unevictable:0 dirty:53 writeback:0 unstable:0 [ 2809.207400] slab_reclaimable:26749 slab_unreclaimable:114510 [ 2809.207400] mapped:58573 shmem:244 pagetables:32778 bounce:0 [ 2809.207400] free:39638 free_pcp:308 free_cma:0 [ 2809.245060] Node 0 active_anon:1870792kB inactive_anon:4864kB active_file:16kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:8kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2809.278699] Node 1 active_anon:3229132kB inactive_anon:12kB active_file:10544kB inactive_file:84668kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25376kB dirty:204kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2809.530292] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2809.537881] Node 0 DMA free:10488kB min:216kB low:268kB high:320kB active_anon:4132kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2809.596374] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 2809.603244] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2809.608387] Node 0 DMA32 free:28000kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:16kB inactive_file:4kB unevictable:0kB writepending:8kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2809.637883] lowmem_reserve[]: 0 0 0 0 0 [ 2809.640576] CPU: 0 PID: 30085 Comm: syz-executor.3 Not tainted 4.14.169-syzkaller #0 [ 2809.642195] Node 0 [ 2809.649779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2809.649785] Call Trace: [ 2809.649803] dump_stack+0x142/0x197 [ 2809.649817] warn_alloc.cold+0x96/0x1af [ 2809.649826] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2809.649845] ? wait_for_completion+0x420/0x420 [ 2809.652584] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2809.661455] __alloc_pages_slowpath+0x23c6/0x2930 [ 2809.661478] ? warn_alloc+0xf0/0xf0 [ 2809.661498] ? __might_sleep+0x93/0xb0 [ 2809.661509] __alloc_pages_nodemask+0x62c/0x7a0 [ 2809.661520] ? rcu_read_lock_sched_held+0x110/0x130 [ 2809.661530] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2809.661555] alloc_pages_current+0xec/0x1e0 [ 2809.664191] lowmem_reserve[]: [ 2809.667769] kvm_mmu_create+0xdf/0x1e0 [ 2809.667783] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2809.667795] kvm_vcpu_init+0x272/0x360 [ 2809.667809] vmx_create_vcpu+0xfc/0x2aa0 [ 2809.672382] 0 [ 2809.676643] ? mutex_trylock+0x1c0/0x1c0 [ 2809.676665] ? handle_rdmsr+0x6e0/0x6e0 [ 2809.681404] 0 [ 2809.705999] ? wait_for_completion+0x420/0x420 [ 2809.706022] kvm_arch_vcpu_create+0x8c/0xc0 [ 2809.706038] kvm_vm_ioctl+0x501/0x1600 [ 2809.706048] ? __lock_acquire+0x5f7/0x4620 [ 2809.706056] ? find_held_lock+0x35/0x130 [ 2809.706067] ? kvm_vcpu_release+0xa0/0xa0 [ 2809.706076] ? trace_hardirqs_on+0x10/0x10 [ 2809.706090] ? trace_hardirqs_on+0x10/0x10 [ 2809.706098] ? __might_fault+0x110/0x1d0 [ 2809.706108] ? save_trace+0x290/0x290 [ 2809.706116] ? __might_fault+0x110/0x1d0 [ 2809.706127] ? __fget+0x210/0x370 [ 2809.706147] ? find_held_lock+0x35/0x130 [ 2809.711764] 0 [ 2809.714794] ? __fget+0x210/0x370 12:40:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2809.714808] ? kvm_vcpu_release+0xa0/0xa0 [ 2809.714821] do_vfs_ioctl+0x7ae/0x1060 [ 2809.718801] 0 [ 2809.723480] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2809.723491] ? lock_downgrade+0x740/0x740 [ 2809.723504] ? ioctl_preallocate+0x1c0/0x1c0 [ 2809.723515] ? __fget+0x237/0x370 [ 2809.723532] ? security_file_ioctl+0x89/0xb0 [ 2809.728955] 0 [ 2809.733553] SyS_ioctl+0x8f/0xc0 [ 2809.733563] ? do_vfs_ioctl+0x1060/0x1060 [ 2809.733576] do_syscall_64+0x1e8/0x640 [ 2809.733586] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2809.733604] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2809.741031] RIP: 0033:0x45b399 [ 2809.741036] RSP: 002b:00007f93d8744c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2809.741046] RAX: ffffffffffffffda RBX: 00007f93d87456d4 RCX: 000000000045b399 [ 2809.741052] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 2809.741057] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2809.741063] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2809.741068] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2809.932751] Node 1 Normal free:124784kB min:53504kB low:66880kB high:80256kB active_anon:3229332kB inactive_anon:12kB active_file:10544kB inactive_file:85268kB unevictable:0kB writepending:56kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23456kB pagetables:74784kB bounce:0kB free_pcp:1292kB local_pcp:592kB free_cma:0kB [ 2809.962912] lowmem_reserve[]: 0 0 0 0 0 [ 2809.967315] Node 0 DMA: 2*4kB (UM) 6*8kB (UMH) 6*16kB (UMEH) 3*32kB (UEH) 4*64kB (UMEH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10488kB [ 2809.984252] Node 0 DMA32: 427*4kB (UMH) 2225*8kB (UMEH) 530*16kB (UMEH) 3*32kB (EH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28084kB [ 2809.992612] syz-executor.2: [ 2810.001483] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2810.014141] page allocation failure: order:0 [ 2810.015392] Node 1 [ 2810.018158] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 2810.020278] Normal: 425*4kB (UME) 620*8kB (UME) 388*16kB (UME) 268*32kB (UME) 153*64kB (UME) 137*128kB (UME) 96*256kB (UME) 29*512kB (UME) 10*1024kB (UME) 2*2048kB (ME) 7*4096kB (M) = 131204kB [ 2810.033814] (null) [ 2810.046213] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2810.057488] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2810.067645] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2810.078028] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2810.079680] syz-executor.2 cpuset= [ 2810.086968] 21987 total pagecache pages [ 2810.120382] 0 pages in swap cache [ 2810.124561] Swap cache stats: add 0, delete 0, find 0/0 [ 2810.256812] Free swap = 0kB [ 2810.260609] Total swap = 0kB [ 2810.263935] 1965979 pages RAM [ 2810.267304] 0 pages HighMem/MovableOnly [ 2810.271910] 335855 pages reserved [ 2810.275689] 0 pages cma reserved [ 2810.279360] Mem-Info: [ 2810.282498] active_anon:1279097 inactive_anon:1219 isolated_anon:0 [ 2810.282498] active_file:2640 inactive_file:21901 isolated_file:0 [ 2810.282498] unevictable:0 dirty:3010 writeback:0 unstable:0 [ 2810.282498] slab_reclaimable:26765 slab_unreclaimable:114165 [ 2810.282498] mapped:58573 shmem:244 pagetables:32751 bounce:0 [ 2810.282498] free:36560 free_pcp:229 free_cma:0 [ 2810.317102] Node 0 active_anon:1870792kB inactive_anon:4864kB active_file:12kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2810.342115] syz2 mems_allowed=0-1 [ 2810.352471] Node 1 active_anon:3245596kB inactive_anon:12kB active_file:10548kB inactive_file:90500kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25376kB dirty:16436kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2810.357628] CPU: 0 PID: 30081 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2810.384375] Node 0 [ 2810.389214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2810.389218] Call Trace: [ 2810.389237] dump_stack+0x142/0x197 [ 2810.389252] warn_alloc.cold+0x96/0x1af [ 2810.389262] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2810.389279] ? wait_for_completion+0x420/0x420 [ 2810.389301] __alloc_pages_slowpath+0x23c6/0x2930 [ 2810.392492] DMA free:10488kB min:216kB low:268kB high:320kB active_anon:4132kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2810.401312] ? warn_alloc+0xf0/0xf0 [ 2810.401334] ? __might_sleep+0x93/0xb0 [ 2810.401346] __alloc_pages_nodemask+0x62c/0x7a0 [ 2810.401358] ? rcu_read_lock_sched_held+0x110/0x130 [ 2810.401368] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2810.401387] alloc_pages_current+0xec/0x1e0 [ 2810.401400] kvm_mmu_create+0xdf/0x1e0 [ 2810.401414] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2810.404372] lowmem_reserve[]: [ 2810.407611] kvm_vcpu_init+0x272/0x360 [ 2810.407626] vmx_create_vcpu+0xfc/0x2aa0 [ 2810.407638] ? check_preemption_disabled+0x3c/0x250 [ 2810.407649] ? retint_kernel+0x2d/0x2d 12:41:00 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2810.407664] ? handle_rdmsr+0x6e0/0x6e0 [ 2810.407678] ? kvm_arch_vcpu_create+0x14/0xc0 [ 2810.412490] 0 [ 2810.416499] kvm_arch_vcpu_create+0x8c/0xc0 [ 2810.416513] kvm_vm_ioctl+0x501/0x1600 [ 2810.416524] ? __lock_acquire+0x5f7/0x4620 [ 2810.416538] ? kvm_vcpu_release+0xa0/0xa0 [ 2810.416547] ? trace_hardirqs_on+0x10/0x10 [ 2810.416559] ? retint_kernel+0x2d/0x2d [ 2810.416573] ? trace_hardirqs_on_caller+0x400/0x590 [ 2810.421523] 2569 [ 2810.425995] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2810.426010] ? check_preemption_disabled+0x3c/0x250 [ 2810.426021] ? retint_kernel+0x2d/0x2d [ 2810.426032] ? kvm_vcpu_release+0xa0/0xa0 [ 2810.426110] ? do_vfs_ioctl+0x74f/0x1060 [ 2810.453296] 2569 [ 2810.455530] ? kvm_vcpu_release+0xa0/0xa0 [ 2810.455543] do_vfs_ioctl+0x7ae/0x1060 [ 2810.455559] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2810.455570] ? ioctl_preallocate+0x1c0/0x1c0 [ 2810.455579] ? check_preemption_disabled+0x3c/0x250 [ 2810.455589] ? retint_user+0x17/0x18 [ 2810.455606] ? security_file_ioctl+0x89/0xb0 [ 2810.459841] 2569 [ 2810.464164] SyS_ioctl+0x8f/0xc0 [ 2810.464175] ? do_vfs_ioctl+0x1060/0x1060 [ 2810.464187] do_syscall_64+0x1e8/0x640 [ 2810.464197] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2810.464213] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2810.464221] RIP: 0033:0x45b399 [ 2810.464227] RSP: 002b:00007fdd1026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2810.464237] RAX: ffffffffffffffda RBX: 00007fdd1026e6d4 RCX: 000000000045b399 [ 2810.464245] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2810.470146] 2569 [ 2810.474262] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2810.474268] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2810.474273] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2810.956819] Node 0 DMA32 free:27200kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:12kB inactive_file:4kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:484kB local_pcp:124kB free_cma:0kB 12:41:01 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2811.032700] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2811.044651] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2811.050639] CPU: 1 PID: 30077 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2811.058675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2811.068040] Call Trace: [ 2811.070637] dump_stack+0x142/0x197 [ 2811.074277] warn_alloc.cold+0x96/0x1af [ 2811.078265] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2811.083130] ? wait_for_completion+0x420/0x420 [ 2811.087728] __alloc_pages_slowpath+0x23c6/0x2930 [ 2811.092595] ? warn_alloc+0xf0/0xf0 [ 2811.096236] ? __might_sleep+0x93/0xb0 [ 2811.100132] __alloc_pages_nodemask+0x62c/0x7a0 [ 2811.104810] ? rcu_read_lock_sched_held+0x110/0x130 [ 2811.109933] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2811.114964] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2811.119734] alloc_pages_current+0xec/0x1e0 [ 2811.120994] syz-executor.2: [ 2811.124079] kvm_mmu_create+0xdf/0x1e0 12:41:01 executing program 0: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2811.124093] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2811.124107] kvm_vcpu_init+0x272/0x360 [ 2811.124120] vmx_create_vcpu+0xfc/0x2aa0 [ 2811.124138] ? mutex_trylock+0x1c0/0x1c0 [ 2811.143827] page allocation failure: order:0 [ 2811.144253] ? handle_rdmsr+0x6e0/0x6e0 [ 2811.144268] ? wait_for_completion+0x420/0x420 [ 2811.144284] kvm_arch_vcpu_create+0x8c/0xc0 [ 2811.150449] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 2811.152775] kvm_vm_ioctl+0x501/0x1600 [ 2811.152788] ? __lock_acquire+0x5f7/0x4620 [ 2811.152797] ? mark_held_locks+0xb1/0x100 [ 2811.152809] ? kvm_vcpu_release+0xa0/0xa0 [ 2811.152827] ? trace_hardirqs_on+0x10/0x10 [ 2811.157157] (null) [ 2811.161391] ? trace_hardirqs_on+0x10/0x10 [ 2811.161403] ? __might_fault+0x110/0x1d0 [ 2811.161413] ? save_trace+0x290/0x290 [ 2811.161423] ? trace_hardirqs_on_caller+0x400/0x590 [ 2811.161434] ? __fget+0x210/0x370 [ 2811.161444] ? find_held_lock+0x35/0x130 [ 2811.161454] ? __fget+0x210/0x370 [ 2811.161468] ? kvm_vcpu_release+0xa0/0xa0 [ 2811.161478] do_vfs_ioctl+0x7ae/0x1060 [ 2811.161491] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2811.161501] ? lock_downgrade+0x740/0x740 [ 2811.161513] ? ioctl_preallocate+0x1c0/0x1c0 [ 2811.161525] ? __fget+0x237/0x370 [ 2811.161542] ? security_file_ioctl+0x89/0xb0 [ 2811.161556] SyS_ioctl+0x8f/0xc0 [ 2811.161565] ? do_vfs_ioctl+0x1060/0x1060 [ 2811.161578] do_syscall_64+0x1e8/0x640 [ 2811.161587] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2811.161605] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2811.161613] RIP: 0033:0x45b399 [ 2811.161619] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2811.161630] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2811.161636] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2811.161642] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2811.161648] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2811.161654] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2811.168298] lowmem_reserve[]: [ 2811.227532] syz-executor.2 cpuset=syz2 [ 2811.232170] 0 [ 2811.249493] mems_allowed=0-1 [ 2811.269604] 0 [ 2811.325853] CPU: 0 PID: 30102 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2811.327366] warn_alloc_show_mem: 1 callbacks suppressed [ 2811.327383] Mem-Info: [ 2811.331256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2811.331261] Call Trace: [ 2811.331280] dump_stack+0x142/0x197 [ 2811.331295] warn_alloc.cold+0x96/0x1af [ 2811.331304] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2811.331317] ? check_preemption_disabled+0x3c/0x250 [ 2811.331328] ? retint_kernel+0x2d/0x2d [ 2811.331349] __alloc_pages_slowpath+0x23c6/0x2930 [ 2811.331374] ? warn_alloc+0xf0/0xf0 [ 2811.331395] ? __might_sleep+0x93/0xb0 [ 2811.331406] __alloc_pages_nodemask+0x62c/0x7a0 [ 2811.333424] active_anon:1275011 inactive_anon:1219 isolated_anon:0 [ 2811.333424] active_file:2639 inactive_file:19448 isolated_file:2 [ 2811.333424] unevictable:0 dirty:18 writeback:12 unstable:0 [ 2811.333424] slab_reclaimable:26914 slab_unreclaimable:114301 [ 2811.333424] mapped:58573 shmem:244 pagetables:32717 bounce:0 [ 2811.333424] free:42734 free_pcp:452 free_cma:0 [ 2811.336298] ? rcu_read_lock_sched_held+0x110/0x130 [ 2811.336310] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2811.336331] alloc_pages_current+0xec/0x1e0 [ 2811.336349] kvm_mmu_create+0xdf/0x1e0 [ 2811.338238] Node 0 active_anon:1870792kB inactive_anon:4864kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2811.346026] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2811.346040] kvm_vcpu_init+0x272/0x360 [ 2811.346052] vmx_create_vcpu+0xfc/0x2aa0 [ 2811.346063] ? mutex_trylock+0x1c0/0x1c0 [ 2811.346072] ? retint_kernel+0x2d/0x2d [ 2811.346088] ? handle_rdmsr+0x6e0/0x6e0 [ 2811.346098] ? wait_for_completion+0x420/0x420 [ 2811.346111] kvm_arch_vcpu_create+0x8c/0xc0 [ 2811.346123] kvm_vm_ioctl+0x501/0x1600 [ 2811.346134] ? __lock_acquire+0x5f7/0x4620 [ 2811.346144] ? trace_hardirqs_on_caller+0x400/0x590 [ 2811.346158] ? kvm_vcpu_release+0xa0/0xa0 [ 2811.346167] ? retint_kernel+0x2d/0x2d [ 2811.346180] ? trace_hardirqs_on_caller+0x400/0x590 [ 2811.351776] Node 1 active_anon:3229252kB inactive_anon:12kB active_file:10548kB inactive_file:77792kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25376kB dirty:68kB writeback:48kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2811.353983] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2811.353999] ? check_preemption_disabled+0x3c/0x250 [ 2811.354010] ? retint_kernel+0x2d/0x2d [ 2811.354039] ? kvm_vcpu_release+0xa0/0xa0 [ 2811.363608] 0 [ 2811.366014] ? kvm_vcpu_release+0xa0/0xa0 [ 2811.366026] do_vfs_ioctl+0x7ae/0x1060 [ 2811.366039] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2811.366053] ? lock_downgrade+0x740/0x740 [ 2811.369767] 0 [ 2811.373771] ? ioctl_preallocate+0x1c0/0x1c0 [ 2811.373784] ? __fget+0x237/0x370 [ 2811.373807] ? security_file_ioctl+0x89/0xb0 [ 2811.373819] SyS_ioctl+0x8f/0xc0 [ 2811.373832] ? do_vfs_ioctl+0x1060/0x1060 [ 2811.378834] Node 0 [ 2811.383679] do_syscall_64+0x1e8/0x640 [ 2811.383688] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2811.383705] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2811.383714] RIP: 0033:0x45b399 [ 2811.383719] RSP: 002b:00007fdd1026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2811.383733] RAX: ffffffffffffffda RBX: 00007fdd1026e6d4 RCX: 000000000045b399 [ 2811.387756] 0 [ 2811.392446] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2811.392452] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2811.392457] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2811.392462] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2811.520515] DMA free:10428kB min:216kB low:268kB high:320kB active_anon:4132kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2811.528719] lowmem_reserve[]: [ 2811.532309] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2811.532362] lowmem_reserve[]: 0 0 0 0 0 [ 2811.532384] Node 1 Normal free:137028kB min:53504kB low:66880kB high:80256kB active_anon:3229452kB inactive_anon:12kB active_file:10548kB inactive_file:74292kB unevictable:0kB writepending:104kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23296kB pagetables:74836kB bounce:0kB free_pcp:1208kB local_pcp:644kB free_cma:0kB [ 2811.532408] lowmem_reserve[]: [ 2811.543255] 0 [ 2811.545802] 0 [ 2811.582306] 2569 [ 2811.583665] 0 [ 2811.587787] 2569 [ 2811.591657] 0 0 0 [ 2811.591672] Node 0 DMA: 3*4kB (UME) 7*8kB (UMH) 6*16kB (UMEH) 3*32kB (UEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10436kB [ 2811.591754] Node 0 DMA32: 408*4kB (UMEH) 2172*8kB (UMH) 513*16kB (UMEH) 2*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27280kB [ 2811.591826] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2811.591876] Node 1 Normal: 327*4kB (UME) 625*8kB (UME) 599*16kB (UME) 346*32kB (UME) 150*64kB (UME) 144*128kB (UME) 104*256kB (UME) 32*512kB (UME) 8*1024kB (UME) 3*2048kB (ME) 6*4096kB (M) = 136916kB [ 2811.591965] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2811.591971] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2811.591983] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2811.602041] 2569 [ 2811.606850] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2811.614949] 2569 [ 2811.617376] 21457 total pagecache pages [ 2811.625822] 0 pages in swap cache [ 2811.629540] Node 0 [ 2811.633405] Swap cache stats: add 0, delete 0, find 0/0 [ 2811.647928] DMA32 free:27200kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:656kB local_pcp:532kB free_cma:0kB [ 2811.649876] Free swap = 0kB [ 2811.666708] lowmem_reserve[]: [ 2811.669588] Total swap = 0kB [ 2811.867267] 0 [ 2811.973888] 1965979 pages RAM [ 2811.979289] 0 pages HighMem/MovableOnly [ 2811.984051] 335855 pages reserved [ 2811.987976] 0 pages cma reserved [ 2812.193968] 0 0 0 0 [ 2812.198054] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2812.273030] lowmem_reserve[]: 0 0 0 0 0 [ 2812.277330] Node 1 Normal free:90252kB min:53504kB low:66880kB high:80256kB active_anon:3255808kB inactive_anon:4kB active_file:10548kB inactive_file:95268kB unevictable:0kB writepending:4172kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23488kB pagetables:74896kB bounce:0kB free_pcp:792kB local_pcp:152kB free_cma:0kB [ 2812.370130] lowmem_reserve[]: 0 0 0 0 0 [ 2812.374452] Node 0 DMA: 3*4kB (UME) 7*8kB (UMH) 6*16kB (UMEH) 3*32kB (UEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10436kB [ 2812.420120] Node 0 DMA32: 408*4kB (UMEH) 2174*8kB (UMH) 513*16kB (UMEH) 2*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27296kB [ 2812.448242] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2812.480131] Node 1 Normal: 307*4kB (UME) 639*8kB (UME) 534*16kB (UME) 252*32kB (UME) 168*64kB (UME) 161*128kB (UME) 110*256kB (UME) 34*512kB (UME) 8*1024kB (UME) 1*2048kB (E) 3*4096kB (M) = 122404kB [ 2812.520899] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2812.529868] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2812.560203] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2812.569142] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2812.590125] 21440 total pagecache pages [ 2812.594366] 0 pages in swap cache [ 2812.597890] Swap cache stats: add 0, delete 0, find 0/0 [ 2812.620100] Free swap = 0kB [ 2812.624422] Total swap = 0kB [ 2812.627668] 1965979 pages RAM [ 2812.640101] 0 pages HighMem/MovableOnly [ 2812.644161] 335855 pages reserved [ 2812.647748] 0 pages cma reserved 12:41:02 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:02 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:02 executing program 0: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:02 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:02 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:02 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2813.030553] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2813.251806] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 2813.312738] CPU: 0 PID: 30132 Comm: syz-executor.3 Not tainted 4.14.169-syzkaller #0 [ 2813.320670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2813.330033] Call Trace: [ 2813.332639] dump_stack+0x142/0x197 [ 2813.336313] warn_alloc.cold+0x96/0x1af [ 2813.340301] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2813.345435] ? wait_for_completion+0x420/0x420 [ 2813.350038] __alloc_pages_slowpath+0x23c6/0x2930 [ 2813.355024] ? warn_alloc+0xf0/0xf0 [ 2813.358677] ? __might_sleep+0x93/0xb0 [ 2813.362584] __alloc_pages_nodemask+0x62c/0x7a0 [ 2813.367293] ? rcu_read_lock_sched_held+0x110/0x130 [ 2813.372324] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2813.377360] alloc_pages_current+0xec/0x1e0 [ 2813.381730] kvm_mmu_create+0xdf/0x1e0 [ 2813.385733] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2813.390080] kvm_vcpu_init+0x272/0x360 [ 2813.393982] vmx_create_vcpu+0xfc/0x2aa0 [ 2813.398053] ? mutex_trylock+0x1c0/0x1c0 [ 2813.402135] ? handle_rdmsr+0x6e0/0x6e0 [ 2813.406129] ? wait_for_completion+0x420/0x420 [ 2813.410731] kvm_arch_vcpu_create+0x8c/0xc0 [ 2813.415202] kvm_vm_ioctl+0x501/0x1600 [ 2813.419100] ? __lock_acquire+0x5f7/0x4620 [ 2813.423481] ? find_held_lock+0x35/0x130 [ 2813.427563] ? kvm_vcpu_release+0xa0/0xa0 [ 2813.431757] ? trace_hardirqs_on+0x10/0x10 [ 2813.436104] ? trace_hardirqs_on+0x10/0x10 [ 2813.440376] ? __might_fault+0x110/0x1d0 [ 2813.444455] ? save_trace+0x290/0x290 [ 2813.448261] ? __might_fault+0x110/0x1d0 [ 2813.452338] ? __fget+0x210/0x370 [ 2813.455806] ? find_held_lock+0x35/0x130 [ 2813.459882] ? __fget+0x210/0x370 [ 2813.463351] ? kvm_vcpu_release+0xa0/0xa0 [ 2813.467511] do_vfs_ioctl+0x7ae/0x1060 [ 2813.471559] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2813.476326] ? lock_downgrade+0x740/0x740 [ 2813.480499] ? ioctl_preallocate+0x1c0/0x1c0 [ 2813.484924] ? __fget+0x237/0x370 [ 2813.488397] ? security_file_ioctl+0x89/0xb0 [ 2813.493843] SyS_ioctl+0x8f/0xc0 [ 2813.497227] ? do_vfs_ioctl+0x1060/0x1060 [ 2813.501393] do_syscall_64+0x1e8/0x640 [ 2813.505288] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2813.510153] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2813.515357] RIP: 0033:0x45b399 [ 2813.518551] RSP: 002b:00007f93d8744c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2813.526271] RAX: ffffffffffffffda RBX: 00007f93d87456d4 RCX: 000000000045b399 [ 2813.533818] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 2813.541229] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2813.542510] syz-executor.5: [ 2813.548517] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2813.548523] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2813.596976] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2813.619208] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2813.631997] CPU: 1 PID: 30136 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2813.640184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2813.649578] Call Trace: [ 2813.652185] dump_stack+0x142/0x197 [ 2813.655834] warn_alloc.cold+0x96/0x1af [ 2813.659910] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2813.664787] ? wait_for_completion+0x420/0x420 [ 2813.669394] __alloc_pages_slowpath+0x23c6/0x2930 [ 2813.674391] ? warn_alloc+0xf0/0xf0 [ 2813.678038] ? __might_sleep+0x93/0xb0 [ 2813.682897] __alloc_pages_nodemask+0x62c/0x7a0 [ 2813.688275] ? rcu_read_lock_sched_held+0x110/0x130 [ 2813.693306] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2813.700614] alloc_pages_current+0xec/0x1e0 [ 2813.704951] kvm_mmu_create+0xdf/0x1e0 [ 2813.708850] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2813.713194] kvm_vcpu_init+0x272/0x360 [ 2813.717181] vmx_create_vcpu+0xfc/0x2aa0 [ 2813.721256] ? check_preemption_disabled+0x3c/0x250 [ 2813.726283] ? handle_rdmsr+0x6e0/0x6e0 [ 2813.730251] kvm_arch_vcpu_create+0x8c/0xc0 [ 2813.734563] kvm_vm_ioctl+0x501/0x1600 [ 2813.738584] ? __lock_acquire+0x5f7/0x4620 [ 2813.742818] ? kvm_vcpu_release+0xa0/0xa0 [ 2813.746976] ? trace_hardirqs_on+0x10/0x10 [ 2813.751293] ? retint_kernel+0x2d/0x2d [ 2813.755181] ? trace_hardirqs_on_caller+0x400/0x590 [ 2813.760201] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2813.764950] ? check_preemption_disabled+0x3c/0x250 [ 2813.769961] ? retint_kernel+0x2d/0x2d [ 2813.773859] ? do_vfs_ioctl+0xd29/0x1060 [ 2813.778879] ? kvm_vcpu_release+0xa0/0xa0 [ 2813.783076] do_vfs_ioctl+0x7ae/0x1060 [ 2813.786977] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2813.791811] ? lock_downgrade+0x740/0x740 [ 2813.795967] ? ioctl_preallocate+0x1c0/0x1c0 [ 2813.800373] ? __fget+0x237/0x370 [ 2813.803912] ? security_file_ioctl+0x89/0xb0 [ 2813.808427] SyS_ioctl+0x8f/0xc0 [ 2813.811787] ? do_vfs_ioctl+0x1060/0x1060 [ 2813.815934] do_syscall_64+0x1e8/0x640 [ 2813.819849] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2813.824718] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2813.829905] RIP: 0033:0x45b399 [ 2813.833092] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2813.840915] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2813.848287] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2813.856422] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2813.863690] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2813.870952] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2813.892541] warn_alloc_show_mem: 1 callbacks suppressed 12:41:04 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:04 executing program 0: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2813.892544] Mem-Info: [ 2813.905581] active_anon:1278507 inactive_anon:1219 isolated_anon:0 [ 2813.905581] active_file:2642 inactive_file:24239 isolated_file:0 [ 2813.905581] unevictable:0 dirty:757 writeback:0 unstable:0 [ 2813.905581] slab_reclaimable:27254 slab_unreclaimable:113758 [ 2813.905581] mapped:58573 shmem:244 pagetables:32770 bounce:0 [ 2813.905581] free:34521 free_pcp:414 free_cma:0 [ 2814.000788] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:16kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:0kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2814.029789] Node 1 active_anon:3243240kB inactive_anon:12kB active_file:10552kB inactive_file:74356kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25376kB dirty:128kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2814.059217] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2814.095414] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2814.101790] Node 0 DMA32 free:27172kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:16kB inactive_file:0kB unevictable:0kB writepending:12kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:684kB local_pcp:176kB free_cma:0kB [ 2814.138018] lowmem_reserve[]: 0 0 0 0 0 [ 2814.146421] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2814.256637] lowmem_reserve[]: 0 0 0 0 0 [ 2814.272794] Node 1 Normal free:106732kB min:53504kB low:66880kB high:80256kB active_anon:3243480kB inactive_anon:12kB active_file:10556kB inactive_file:92488kB unevictable:0kB writepending:15816kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23552kB pagetables:75188kB bounce:0kB free_pcp:324kB local_pcp:148kB free_cma:0kB [ 2814.396214] lowmem_reserve[]: 0 0 0 0 0 [ 2814.406520] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2814.446000] Node 0 DMA32: 406*4kB (UMH) 2148*8kB (UMH) 511*16kB (UMEH) 3*32kB (UH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27080kB [ 2814.479422] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2814.505975] Node 1 Normal: 1*4kB (U) 45*8kB (UME) 9*16kB (UME) 121*32kB (ME) 178*64kB (UME) 175*128kB (UME) 117*256kB (UME) 33*512kB (UME) 7*1024kB (UME) 2*2048kB (ME) 1*4096kB (M) = 100380kB [ 2814.525453] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2814.538644] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2814.547623] CPU: 0 PID: 30140 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0 [ 2814.550887] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2814.555535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2814.555540] Call Trace: [ 2814.555559] dump_stack+0x142/0x197 [ 2814.555574] warn_alloc.cold+0x96/0x1af [ 2814.555584] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2814.555597] ? check_preemption_disabled+0x3c/0x250 [ 2814.555608] ? retint_kernel+0x2d/0x2d [ 2814.555626] __alloc_pages_slowpath+0x23c6/0x2930 [ 2814.555648] ? warn_alloc+0xf0/0xf0 [ 2814.583391] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2814.584118] ? __might_sleep+0x93/0xb0 [ 2814.597908] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2814.598079] __alloc_pages_nodemask+0x62c/0x7a0 [ 2814.613336] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2814.615976] ? rcu_read_lock_sched_held+0x110/0x130 [ 2814.615989] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2814.616012] alloc_pages_current+0xec/0x1e0 [ 2814.616027] kvm_mmu_create+0xdf/0x1e0 [ 2814.616039] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2814.616052] kvm_vcpu_init+0x272/0x360 [ 2814.616068] vmx_create_vcpu+0xfc/0x2aa0 [ 2814.623961] 28347 total pagecache pages [ 2814.628799] ? mutex_trylock+0x1c0/0x1c0 [ 2814.628821] ? handle_rdmsr+0x6e0/0x6e0 [ 2814.628833] ? wait_for_completion+0x420/0x420 [ 2814.628849] kvm_arch_vcpu_create+0x8c/0xc0 [ 2814.628862] kvm_vm_ioctl+0x501/0x1600 [ 2814.628873] ? __lock_acquire+0x5f7/0x4620 [ 2814.628882] ? mark_held_locks+0xb1/0x100 [ 2814.628895] ? kvm_vcpu_release+0xa0/0xa0 [ 2814.647765] 0 pages in swap cache [ 2814.652171] ? trace_hardirqs_on_caller+0x400/0x590 [ 2814.652188] ? trace_hardirqs_on+0x10/0x10 [ 2814.652199] ? __might_fault+0x110/0x1d0 [ 2814.652211] ? save_trace+0x290/0x290 [ 2814.652223] ? trace_hardirqs_on_caller+0x400/0x590 [ 2814.652232] ? __fget+0x210/0x370 [ 2814.652242] ? find_held_lock+0x35/0x130 [ 2814.652255] ? __fget+0x210/0x370 [ 2814.663722] Swap cache stats: add 0, delete 0, find 0/0 [ 2814.664787] ? kvm_vcpu_release+0xa0/0xa0 12:41:04 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:04 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2814.664801] do_vfs_ioctl+0x7ae/0x1060 [ 2814.664816] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2814.664825] ? lock_downgrade+0x740/0x740 [ 2814.664842] ? ioctl_preallocate+0x1c0/0x1c0 [ 2814.670330] Free swap = 0kB [ 2814.672798] ? __fget+0x237/0x370 [ 2814.672820] ? security_file_ioctl+0x89/0xb0 [ 2814.672834] SyS_ioctl+0x8f/0xc0 [ 2814.672847] ? do_vfs_ioctl+0x1060/0x1060 [ 2814.680739] Total swap = 0kB [ 2814.680905] do_syscall_64+0x1e8/0x640 [ 2814.691187] 1965979 pages RAM 12:41:04 executing program 0: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2814.693814] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2814.693834] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2814.693842] RIP: 0033:0x45b399 [ 2814.693848] RSP: 002b:00007f59c5343c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2814.693859] RAX: ffffffffffffffda RBX: 00007f59c53446d4 RCX: 000000000045b399 [ 2814.693865] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2814.693871] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2814.693876] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2814.693880] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c 12:41:04 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2814.878750] 0 pages HighMem/MovableOnly [ 2814.882857] 335855 pages reserved [ 2814.886346] 0 pages cma reserved 12:41:05 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:05 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2815.305902] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2815.364928] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2815.408207] CPU: 0 PID: 30135 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2815.416138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2815.425503] Call Trace: [ 2815.428099] dump_stack+0x142/0x197 [ 2815.431735] warn_alloc.cold+0x96/0x1af [ 2815.435722] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2815.437817] syz-executor.3: [ 2815.440687] ? wait_for_completion+0x420/0x420 [ 2815.440704] __alloc_pages_slowpath+0x23c6/0x2930 [ 2815.440726] ? warn_alloc+0xf0/0xf0 [ 2815.440744] ? __might_sleep+0x93/0xb0 [ 2815.440757] __alloc_pages_nodemask+0x62c/0x7a0 [ 2815.443767] page allocation failure: order:0 [ 2815.448347] ? retint_kernel+0x2d/0x2d [ 2815.448364] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2815.448373] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2815.448388] ? check_preemption_disabled+0x3c/0x250 [ 2815.488527] ? retint_kernel+0x2d/0x2d [ 2815.492425] alloc_pages_current+0xec/0x1e0 [ 2815.496761] kvm_mmu_create+0xdf/0x1e0 [ 2815.500644] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2815.504990] kvm_vcpu_init+0x272/0x360 [ 2815.508898] vmx_create_vcpu+0xfc/0x2aa0 [ 2815.512986] ? mutex_trylock+0x1c0/0x1c0 [ 2815.517164] ? retint_kernel+0x2d/0x2d [ 2815.521043] ? handle_rdmsr+0x6e0/0x6e0 [ 2815.525131] ? wait_for_completion+0x420/0x420 [ 2815.529713] kvm_arch_vcpu_create+0x8c/0xc0 [ 2815.534064] kvm_vm_ioctl+0x501/0x1600 [ 2815.537962] ? __lock_acquire+0x5f7/0x4620 [ 2815.542199] ? find_held_lock+0x35/0x130 [ 2815.546261] ? kvm_vcpu_release+0xa0/0xa0 [ 2815.550410] ? trace_hardirqs_on+0x10/0x10 [ 2815.554647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2815.559532] ? trace_hardirqs_on+0x10/0x10 [ 2815.563759] ? __might_fault+0x110/0x1d0 [ 2815.567823] ? save_trace+0x290/0x290 [ 2815.571950] ? trace_hardirqs_on_caller+0x400/0x590 [ 2815.576960] ? __fget+0x210/0x370 [ 2815.580409] ? find_held_lock+0x35/0x130 [ 2815.584624] ? __fget+0x210/0x370 [ 2815.588071] ? kvm_vcpu_release+0xa0/0xa0 [ 2815.592211] do_vfs_ioctl+0x7ae/0x1060 [ 2815.596100] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2815.600862] ? lock_downgrade+0x740/0x740 [ 2815.605026] ? ioctl_preallocate+0x1c0/0x1c0 [ 2815.609567] ? __fget+0x237/0x370 [ 2815.613040] ? security_file_ioctl+0x89/0xb0 [ 2815.618816] SyS_ioctl+0x8f/0xc0 [ 2815.622193] ? do_vfs_ioctl+0x1060/0x1060 [ 2815.626356] do_syscall_64+0x1e8/0x640 [ 2815.630349] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2815.635197] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2815.640499] RIP: 0033:0x45b399 [ 2815.643691] RSP: 002b:00007fdd1026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2815.651521] RAX: ffffffffffffffda RBX: 00007fdd1026e6d4 RCX: 000000000045b399 [ 2815.658914] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2815.666494] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2815.673768] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2815.681031] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2815.688593] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2815.707935] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2815.725868] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 2815.747891] CPU: 1 PID: 30175 Comm: syz-executor.3 Not tainted 4.14.169-syzkaller #0 [ 2815.752936] syz-executor.5 cpuset= [ 2815.756043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2815.756048] Call Trace: [ 2815.756066] dump_stack+0x142/0x197 [ 2815.756082] warn_alloc.cold+0x96/0x1af [ 2815.756092] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2815.756112] ? wait_for_completion+0x420/0x420 [ 2815.756129] __alloc_pages_slowpath+0x23c6/0x2930 [ 2815.756159] ? warn_alloc+0xf0/0xf0 [ 2815.776763] syz5 [ 2815.779337] ? __might_sleep+0x93/0xb0 [ 2815.803098] __alloc_pages_nodemask+0x62c/0x7a0 [ 2815.804584] mems_allowed=0-1 [ 2815.807782] ? rcu_read_lock_sched_held+0x110/0x130 [ 2815.807796] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2815.807819] alloc_pages_current+0xec/0x1e0 [ 2815.807836] kvm_mmu_create+0xdf/0x1e0 [ 2815.807849] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2815.807863] kvm_vcpu_init+0x272/0x360 [ 2815.807877] vmx_create_vcpu+0xfc/0x2aa0 [ 2815.841717] ? mutex_trylock+0x1c0/0x1c0 [ 2815.845805] ? handle_rdmsr+0x6e0/0x6e0 [ 2815.849792] ? wait_for_completion+0x420/0x420 [ 2815.854394] kvm_arch_vcpu_create+0x8c/0xc0 [ 2815.858766] kvm_vm_ioctl+0x501/0x1600 [ 2815.862665] ? __lock_acquire+0x5f7/0x4620 [ 2815.867256] ? find_held_lock+0x35/0x130 [ 2815.871331] ? kvm_vcpu_release+0xa0/0xa0 [ 2815.875487] ? trace_hardirqs_on+0x10/0x10 [ 2815.879845] ? trace_hardirqs_on+0x10/0x10 [ 2815.884087] ? __might_fault+0x110/0x1d0 [ 2815.888154] ? save_trace+0x290/0x290 [ 2815.891964] ? __might_fault+0x110/0x1d0 [ 2815.896043] ? __fget+0x210/0x370 [ 2815.899520] ? find_held_lock+0x35/0x130 [ 2815.903617] ? __fget+0x210/0x370 [ 2815.907094] ? kvm_vcpu_release+0xa0/0xa0 [ 2815.911361] do_vfs_ioctl+0x7ae/0x1060 [ 2815.915259] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2815.920025] ? lock_downgrade+0x740/0x740 [ 2815.924191] ? ioctl_preallocate+0x1c0/0x1c0 [ 2815.929245] ? __fget+0x237/0x370 [ 2815.932720] ? security_file_ioctl+0x89/0xb0 [ 2815.937147] SyS_ioctl+0x8f/0xc0 [ 2815.940522] ? do_vfs_ioctl+0x1060/0x1060 [ 2815.944839] do_syscall_64+0x1e8/0x640 [ 2815.948735] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2815.953621] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2815.958920] RIP: 0033:0x45b399 [ 2815.962120] RSP: 002b:00007f93d8744c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2815.969848] RAX: ffffffffffffffda RBX: 00007f93d87456d4 RCX: 000000000045b399 [ 2815.977128] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 2815.984433] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2815.991999] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2815.999350] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2816.007650] CPU: 0 PID: 30165 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2816.015563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2816.024954] Call Trace: [ 2816.027562] dump_stack+0x142/0x197 [ 2816.031217] warn_alloc.cold+0x96/0x1af [ 2816.035201] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2816.040093] ? wait_for_completion+0x420/0x420 [ 2816.044698] __alloc_pages_slowpath+0x23c6/0x2930 [ 2816.049571] ? warn_alloc+0xf0/0xf0 [ 2816.053218] ? __might_sleep+0x93/0xb0 [ 2816.057675] __alloc_pages_nodemask+0x62c/0x7a0 [ 2816.062397] ? rcu_read_lock_sched_held+0x110/0x130 [ 2816.067429] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2816.072473] alloc_pages_current+0xec/0x1e0 [ 2816.076817] kvm_mmu_create+0xdf/0x1e0 [ 2816.080725] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2816.085244] kvm_vcpu_init+0x272/0x360 [ 2816.089418] vmx_create_vcpu+0xfc/0x2aa0 [ 2816.094279] ? mutex_trylock+0x1c0/0x1c0 [ 2816.098665] ? handle_rdmsr+0x6e0/0x6e0 [ 2816.102969] ? wait_for_completion+0x420/0x420 [ 2816.107577] kvm_arch_vcpu_create+0x8c/0xc0 [ 2816.112264] kvm_vm_ioctl+0x501/0x1600 [ 2816.116266] ? __lock_acquire+0x5f7/0x4620 [ 2816.120833] ? kvm_vcpu_release+0xa0/0xa0 [ 2816.125193] ? trace_hardirqs_on+0x10/0x10 [ 2816.129452] ? trace_hardirqs_on+0x10/0x10 [ 2816.133703] ? __might_fault+0x110/0x1d0 [ 2816.137783] ? save_trace+0x290/0x290 [ 2816.141629] ? trace_hardirqs_on_caller+0x400/0x590 [ 2816.146655] ? __fget+0x210/0x370 [ 2816.150235] ? find_held_lock+0x35/0x130 [ 2816.154319] ? __fget+0x210/0x370 12:41:06 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2816.154427] warn_alloc_show_mem: 2 callbacks suppressed [ 2816.154430] Mem-Info: [ 2816.157779] ? kvm_vcpu_release+0xa0/0xa0 [ 2816.157791] do_vfs_ioctl+0x7ae/0x1060 [ 2816.157805] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2816.157817] ? lock_downgrade+0x740/0x740 [ 2816.157828] ? ioctl_preallocate+0x1c0/0x1c0 [ 2816.157839] ? __fget+0x237/0x370 [ 2816.157856] ? security_file_ioctl+0x89/0xb0 [ 2816.163876] active_anon:1279875 inactive_anon:1217 isolated_anon:0 [ 2816.163876] active_file:2641 inactive_file:18868 isolated_file:2 [ 2816.163876] unevictable:0 dirty:56 writeback:300 unstable:0 [ 2816.163876] slab_reclaimable:27640 slab_unreclaimable:112709 [ 2816.163876] mapped:58584 shmem:244 pagetables:32840 bounce:0 [ 2816.163876] free:39056 free_pcp:482 free_cma:0 [ 2816.165659] SyS_ioctl+0x8f/0xc0 [ 2816.165672] ? do_vfs_ioctl+0x1060/0x1060 [ 2816.165687] do_syscall_64+0x1e8/0x640 [ 2816.165697] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2816.165713] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2816.165721] RIP: 0033:0x45b399 [ 2816.165731] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 12:41:06 executing program 0: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2816.170863] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2816.173747] ORIG_RAX: 0000000000000010 [ 2816.173759] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2816.173764] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2816.173770] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2816.173776] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2816.173782] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2816.333045] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2816.333561] Node 1 active_anon:3248756kB inactive_anon:12kB active_file:10560kB inactive_file:74308kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25376kB dirty:228kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2816.359783] syz-executor.1 cpuset= [ 2816.372341] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2816.379560] syz1 [ 2816.403859] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2816.411338] Node 0 DMA32 free:28076kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:12kB inactive_file:4kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2816.413025] mems_allowed=0-1 [ 2816.441191] lowmem_reserve[]: 0 0 0 0 0 [ 2816.451167] CPU: 0 PID: 30190 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0 [ 2816.459314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2816.468707] Call Trace: [ 2816.471308] dump_stack+0x142/0x197 [ 2816.474955] warn_alloc.cold+0x96/0x1af [ 2816.480870] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2816.485737] ? wait_for_completion+0x420/0x420 [ 2816.490338] __alloc_pages_slowpath+0x23c6/0x2930 [ 2816.495211] ? warn_alloc+0xf0/0xf0 [ 2816.498860] ? __might_sleep+0x93/0xb0 [ 2816.502821] __alloc_pages_nodemask+0x62c/0x7a0 [ 2816.507546] ? rcu_read_lock_sched_held+0x110/0x130 [ 2816.512579] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2816.517633] alloc_pages_current+0xec/0x1e0 [ 2816.522043] kvm_mmu_create+0xdf/0x1e0 [ 2816.525953] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2816.530287] kvm_vcpu_init+0x272/0x360 [ 2816.534200] vmx_create_vcpu+0xfc/0x2aa0 [ 2816.538276] ? check_preemption_disabled+0x3c/0x250 [ 2816.543457] ? retint_kernel+0x2d/0x2d [ 2816.547368] ? handle_rdmsr+0x6e0/0x6e0 [ 2816.551369] ? kvm_arch_vcpu_create+0x61/0xc0 [ 2816.555894] kvm_arch_vcpu_create+0x8c/0xc0 [ 2816.560229] kvm_vm_ioctl+0x501/0x1600 [ 2816.564219] ? __lock_acquire+0x5f7/0x4620 [ 2816.568474] ? mark_held_locks+0xb1/0x100 [ 2816.572639] ? kvm_vcpu_release+0xa0/0xa0 [ 2816.576793] ? retint_kernel+0x2d/0x2d [ 2816.580693] ? trace_hardirqs_on_caller+0x400/0x590 [ 2816.585852] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2816.590710] ? check_preemption_disabled+0x3c/0x250 [ 2816.595757] ? retint_kernel+0x2d/0x2d [ 2816.599668] ? selinux_file_ioctl+0x19a/0x560 [ 2816.604171] ? selinux_file_ioctl+0x213/0x560 [ 2816.608805] ? kvm_vcpu_release+0xa0/0xa0 [ 2816.612975] do_vfs_ioctl+0x7ae/0x1060 [ 2816.616880] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2816.618967] Node 0 [ 2816.621644] ? lock_downgrade+0x740/0x740 [ 2816.621659] ? ioctl_preallocate+0x1c0/0x1c0 [ 2816.621671] ? __fget+0x237/0x370 [ 2816.621688] ? security_file_ioctl+0x89/0xb0 [ 2816.629110] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2816.632459] SyS_ioctl+0x8f/0xc0 [ 2816.632471] ? do_vfs_ioctl+0x1060/0x1060 [ 2816.632485] do_syscall_64+0x1e8/0x640 [ 2816.632494] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2816.632509] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2816.632519] RIP: 0033:0x45b399 [ 2816.642418] lowmem_reserve[]: [ 2816.665139] RSP: 002b:00007f59c5343c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2816.665150] RAX: ffffffffffffffda RBX: 00007f59c53446d4 RCX: 000000000045b399 [ 2816.665155] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2816.665160] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2816.665164] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2816.665169] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2816.876511] 0 0 0 0 0 [ 2816.888216] Node 1 Normal free:94028kB min:53504kB low:66880kB high:80256kB active_anon:3254956kB inactive_anon:12kB active_file:10560kB inactive_file:93808kB unevictable:0kB writepending:9552kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23360kB pagetables:75344kB bounce:0kB free_pcp:704kB local_pcp:468kB free_cma:0kB [ 2816.972898] lowmem_reserve[]: 0 0 0 0 0 [ 2816.985422] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2817.009021] Node 0 DMA32: 424*4kB (UMH) 2176*8kB (UMEH) 507*16kB (UMEH) 2*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27280kB [ 2817.029227] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2817.042680] Node 1 Normal: 2*4kB (UE) 15*8kB (UME) 6*16kB (UM) 82*32kB (UE) 105*64kB (UME) 153*128kB (UE) 109*256kB (UME) 29*512kB (UE) 6*1024kB (UE) 2*2048kB (ME) 1*4096kB (M) = 86240kB 12:41:07 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:07 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:07 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:07 executing program 0: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2817.094590] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2817.114784] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 12:41:07 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2817.163462] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2817.214848] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2817.252620] 24081 total pagecache pages [ 2817.278568] 0 pages in swap cache [ 2817.299309] Swap cache stats: add 0, delete 0, find 0/0 [ 2817.320126] Free swap = 0kB [ 2817.332460] Total swap = 0kB [ 2817.342949] 1965979 pages RAM 12:41:07 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2817.355456] 0 pages HighMem/MovableOnly [ 2817.375536] 335855 pages reserved [ 2817.387855] 0 pages cma reserved [ 2817.627548] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2817.639049] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2817.646025] CPU: 0 PID: 30209 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0 [ 2817.654027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2817.663394] Call Trace: [ 2817.666005] dump_stack+0x142/0x197 [ 2817.669658] warn_alloc.cold+0x96/0x1af [ 2817.673647] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2817.678519] ? wait_for_completion+0x420/0x420 [ 2817.678744] syz-executor.5: [ 2817.683252] __alloc_pages_slowpath+0x23c6/0x2930 [ 2817.683278] ? warn_alloc+0xf0/0xf0 [ 2817.683299] ? __might_sleep+0x93/0xb0 [ 2817.683310] __alloc_pages_nodemask+0x62c/0x7a0 [ 2817.683320] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2817.683332] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2817.683343] ? check_preemption_disabled+0x3c/0x250 [ 2817.683367] alloc_pages_current+0xec/0x1e0 [ 2817.703279] page allocation failure: order:0 [ 2817.703496] ? kvm_set_tsc_khz+0x188/0x490 [ 2817.703511] kvm_mmu_create+0xdf/0x1e0 [ 2817.725848] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 2817.727057] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2817.727073] kvm_vcpu_init+0x272/0x360 [ 2817.727086] vmx_create_vcpu+0xfc/0x2aa0 [ 2817.727102] ? check_preemption_disabled+0x3c/0x250 [ 2817.751718] (null) [ 2817.753504] ? retint_kernel+0x2d/0x2d [ 2817.753522] ? handle_rdmsr+0x6e0/0x6e0 [ 2817.753535] ? kvm_arch_vcpu_create+0x61/0xc0 [ 2817.753554] kvm_arch_vcpu_create+0x8c/0xc0 [ 2817.763912] syz-executor.5 cpuset= [ 2817.764759] kvm_vm_ioctl+0x501/0x1600 [ 2817.764772] ? __lock_acquire+0x5f7/0x4620 [ 2817.773504] syz-executor.2: [ 2817.778261] ? kvm_vcpu_release+0xa0/0xa0 [ 2817.778275] ? trace_hardirqs_on+0x10/0x10 [ 2817.778288] ? trace_hardirqs_on+0x10/0x10 [ 2817.778299] ? trace_hardirqs_on_caller+0x400/0x590 [ 2817.778310] ? save_trace+0x290/0x290 [ 2817.778323] ? trace_hardirqs_on_caller+0x400/0x590 [ 2817.778333] ? __fget+0x210/0x370 [ 2817.778342] ? find_held_lock+0x35/0x130 [ 2817.778353] ? __fget+0x210/0x370 [ 2817.778364] ? kvm_vcpu_release+0xa0/0xa0 [ 2817.778378] do_vfs_ioctl+0x7ae/0x1060 [ 2817.782608] syz5 [ 2817.786125] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2817.795947] page allocation failure: order:0 [ 2817.797537] ? ioctl_preallocate+0x1c0/0x1c0 [ 2817.797550] ? check_preemption_disabled+0x3c/0x250 [ 2817.797563] ? retint_kernel+0x2d/0x2d [ 2817.797583] SyS_ioctl+0x8f/0xc0 [ 2817.803979] mems_allowed=0-1 [ 2817.806044] ? do_vfs_ioctl+0x1060/0x1060 [ 2817.806061] do_syscall_64+0x1e8/0x640 [ 2817.806072] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2817.806089] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2817.806097] RIP: 0033:0x45b399 [ 2817.806102] RSP: 002b:00007f59c5343c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2817.806114] RAX: ffffffffffffffda RBX: 00007f59c53446d4 RCX: 000000000045b399 [ 2817.806120] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2817.806125] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2817.806131] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2817.806137] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c 12:41:08 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2818.132007] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2818.138613] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2818.191164] CPU: 1 PID: 30205 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2818.199091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2818.208599] Call Trace: [ 2818.211207] dump_stack+0x142/0x197 [ 2818.214854] warn_alloc.cold+0x96/0x1af [ 2818.218842] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2818.224689] ? wait_for_completion+0x420/0x420 [ 2818.229291] __alloc_pages_slowpath+0x23c6/0x2930 [ 2818.234166] ? warn_alloc+0xf0/0xf0 [ 2818.237821] ? __might_sleep+0x93/0xb0 [ 2818.241763] __alloc_pages_nodemask+0x62c/0x7a0 [ 2818.246447] ? rcu_read_lock_sched_held+0x110/0x130 [ 2818.251485] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2818.256522] alloc_pages_current+0xec/0x1e0 [ 2818.260859] kvm_mmu_create+0xdf/0x1e0 [ 2818.264767] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2818.269221] kvm_vcpu_init+0x272/0x360 [ 2818.273136] vmx_create_vcpu+0xfc/0x2aa0 [ 2818.277325] ? mutex_trylock+0x1c0/0x1c0 [ 2818.281415] ? retint_kernel+0x2d/0x2d [ 2818.285326] ? handle_rdmsr+0x6e0/0x6e0 [ 2818.289325] ? wait_for_completion+0x420/0x420 [ 2818.293929] kvm_arch_vcpu_create+0x8c/0xc0 [ 2818.298274] kvm_vm_ioctl+0x501/0x1600 [ 2818.302178] ? __lock_acquire+0x5f7/0x4620 [ 2818.306427] ? do_futex+0x20e/0x19e0 [ 2818.310164] ? kvm_vcpu_release+0xa0/0xa0 [ 2818.314325] ? retint_kernel+0x2d/0x2d [ 2818.318235] ? trace_hardirqs_on_caller+0x400/0x590 [ 2818.323277] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2818.328057] ? check_preemption_disabled+0x3c/0x250 [ 2818.333093] ? retint_kernel+0x2d/0x2d [ 2818.337026] ? selinux_file_ioctl+0x83/0x560 12:41:08 executing program 0: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2818.341452] ? selinux_file_ioctl+0xb8/0x560 [ 2818.345880] ? kvm_vcpu_release+0xa0/0xa0 [ 2818.350051] do_vfs_ioctl+0x7ae/0x1060 [ 2818.353956] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2818.358733] ? lock_downgrade+0x740/0x740 [ 2818.362899] ? ioctl_preallocate+0x1c0/0x1c0 [ 2818.367446] ? __fget+0x237/0x370 [ 2818.370924] ? security_file_ioctl+0x89/0xb0 [ 2818.375359] SyS_ioctl+0x8f/0xc0 [ 2818.378761] ? do_vfs_ioctl+0x1060/0x1060 [ 2818.382927] do_syscall_64+0x1e8/0x640 [ 2818.386827] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2818.391685] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2818.396883] RIP: 0033:0x45b399 [ 2818.400080] RSP: 002b:00007fdd1026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2818.408298] RAX: ffffffffffffffda RBX: 00007fdd1026e6d4 RCX: 000000000045b399 [ 2818.415693] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2818.423122] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2818.430405] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2818.437688] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2818.496447] CPU: 1 PID: 30203 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2818.504472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2818.513839] Call Trace: [ 2818.516450] dump_stack+0x142/0x197 [ 2818.519197] warn_alloc: 1 callbacks suppressed [ 2818.519234] syz-executor.3: [ 2818.520099] warn_alloc.cold+0x96/0x1af [ 2818.520111] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2818.520126] ? retint_kernel+0x2d/0x2d [ 2818.520138] ? wait_for_completion+0x420/0x420 [ 2818.520153] __alloc_pages_slowpath+0x23c6/0x2930 [ 2818.520174] ? warn_alloc+0xf0/0xf0 [ 2818.520194] ? __might_sleep+0x93/0xb0 [ 2818.520206] __alloc_pages_nodemask+0x62c/0x7a0 [ 2818.520217] ? rcu_read_lock_sched_held+0x110/0x130 [ 2818.520229] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2818.526464] page allocation failure: order:0 [ 2818.527911] alloc_pages_current+0xec/0x1e0 [ 2818.527927] kvm_mmu_create+0xdf/0x1e0 [ 2818.527941] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2818.553004] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 2818.553774] kvm_vcpu_init+0x272/0x360 [ 2818.553788] vmx_create_vcpu+0xfc/0x2aa0 [ 2818.566137] (null) [ 2818.567391] ? mutex_trylock+0x1c0/0x1c0 [ 2818.567409] ? retint_kernel+0x2d/0x2d [ 2818.567422] ? handle_rdmsr+0x6e0/0x6e0 [ 2818.567433] ? wait_for_completion+0x420/0x420 [ 2818.567449] kvm_arch_vcpu_create+0x8c/0xc0 [ 2818.579646] syz-executor.3 cpuset= [ 2818.581212] kvm_vm_ioctl+0x501/0x1600 [ 2818.581225] ? __lock_acquire+0x5f7/0x4620 [ 2818.581238] ? kvm_vcpu_release+0xa0/0xa0 [ 2818.581249] ? trace_hardirqs_on+0x10/0x10 [ 2818.581265] ? trace_hardirqs_on+0x10/0x10 [ 2818.581276] ? __might_fault+0x110/0x1d0 [ 2818.581287] ? save_trace+0x290/0x290 [ 2818.581296] ? trace_hardirqs_on_caller+0x400/0x590 [ 2818.581308] ? __fget+0x210/0x370 [ 2818.581318] ? find_held_lock+0x35/0x130 [ 2818.581327] ? __fget+0x210/0x370 [ 2818.581349] ? kvm_vcpu_release+0xa0/0xa0 [ 2818.581363] do_vfs_ioctl+0x7ae/0x1060 [ 2818.589121] syz3 [ 2818.589591] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2818.599940] warn_alloc_show_mem: 3 callbacks suppressed [ 2818.599957] Mem-Info: [ 2818.603450] ? lock_downgrade+0x740/0x740 [ 2818.603464] ? ioctl_preallocate+0x1c0/0x1c0 [ 2818.603476] ? __fget+0x237/0x370 [ 2818.603494] ? security_file_ioctl+0x89/0xb0 [ 2818.603508] SyS_ioctl+0x8f/0xc0 [ 2818.603518] ? do_vfs_ioctl+0x1060/0x1060 [ 2818.603531] do_syscall_64+0x1e8/0x640 [ 2818.603541] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2818.603557] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2818.603565] RIP: 0033:0x45b399 [ 2818.603571] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2818.603583] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2818.603589] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2818.603594] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2818.603600] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2818.603607] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2818.794424] mems_allowed=0-1 [ 2818.797690] CPU: 0 PID: 30235 Comm: syz-executor.3 Not tainted 4.14.169-syzkaller #0 [ 2818.805586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2818.814949] Call Trace: [ 2818.818872] dump_stack+0x142/0x197 [ 2818.822553] warn_alloc.cold+0x96/0x1af [ 2818.826549] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2818.831428] ? wait_for_completion+0x420/0x420 [ 2818.836043] __alloc_pages_slowpath+0x23c6/0x2930 [ 2818.840918] ? warn_alloc+0xf0/0xf0 [ 2818.844571] ? __might_sleep+0x93/0xb0 [ 2818.848470] __alloc_pages_nodemask+0x62c/0x7a0 [ 2818.853150] ? rcu_read_lock_sched_held+0x110/0x130 [ 2818.858189] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2818.863233] alloc_pages_current+0xec/0x1e0 [ 2818.867580] kvm_mmu_create+0xdf/0x1e0 [ 2818.871625] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2818.875962] kvm_vcpu_init+0x272/0x360 [ 2818.879867] vmx_create_vcpu+0xfc/0x2aa0 [ 2818.884048] ? mutex_trylock+0x1c0/0x1c0 [ 2818.888132] ? handle_rdmsr+0x6e0/0x6e0 [ 2818.892128] ? wait_for_completion+0x420/0x420 [ 2818.896736] kvm_arch_vcpu_create+0x8c/0xc0 [ 2818.901075] kvm_vm_ioctl+0x501/0x1600 [ 2818.904978] ? __lock_acquire+0x5f7/0x4620 [ 2818.909326] ? find_held_lock+0x35/0x130 [ 2818.913516] ? kvm_vcpu_release+0xa0/0xa0 [ 2818.917798] ? trace_hardirqs_on+0x10/0x10 [ 2818.922060] ? trace_hardirqs_on+0x10/0x10 [ 2818.926335] ? __might_fault+0x110/0x1d0 [ 2818.930426] ? save_trace+0x290/0x290 [ 2818.934254] ? __might_fault+0x110/0x1d0 [ 2818.938334] ? __fget+0x210/0x370 [ 2818.941813] ? find_held_lock+0x35/0x130 [ 2818.945889] ? __fget+0x210/0x370 [ 2818.949358] ? kvm_vcpu_release+0xa0/0xa0 [ 2818.953525] do_vfs_ioctl+0x7ae/0x1060 [ 2818.957443] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2818.962225] ? lock_downgrade+0x740/0x740 [ 2818.966395] ? ioctl_preallocate+0x1c0/0x1c0 [ 2818.970824] ? __fget+0x237/0x370 [ 2818.974298] ? security_file_ioctl+0x89/0xb0 [ 2818.978717] SyS_ioctl+0x8f/0xc0 [ 2818.982102] ? do_vfs_ioctl+0x1060/0x1060 [ 2818.986261] do_syscall_64+0x1e8/0x640 [ 2818.990163] ? trace_hardirqs_off_thunk+0x1a/0x1c 12:41:09 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2818.995035] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2819.000233] RIP: 0033:0x45b399 [ 2819.003428] RSP: 002b:00007f93d8744c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2819.011271] RAX: ffffffffffffffda RBX: 00007f93d87456d4 RCX: 000000000045b399 [ 2819.018553] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2819.025832] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2819.033380] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2819.040661] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2819.053642] active_anon:1285633 inactive_anon:1219 isolated_anon:0 [ 2819.053642] active_file:2646 inactive_file:20301 isolated_file:0 [ 2819.053642] unevictable:0 dirty:1759 writeback:0 unstable:0 [ 2819.053642] slab_reclaimable:28079 slab_unreclaimable:112075 [ 2819.053642] mapped:58573 shmem:244 pagetables:32939 bounce:0 [ 2819.053642] free:32045 free_pcp:318 free_cma:0 [ 2819.092256] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:16kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2819.120839] Node 1 active_anon:3271776kB inactive_anon:12kB active_file:10572kB inactive_file:83536kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25376kB dirty:9468kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2819.149558] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 12:41:09 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2819.225449] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2819.280439] Node 0 DMA32 free:27096kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:16kB inactive_file:0kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:448kB local_pcp:124kB free_cma:0kB 12:41:09 executing program 0: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2819.449274] lowmem_reserve[]: 0 0 0 0 0 [ 2819.467140] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2819.563776] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2819.588015] lowmem_reserve[]: 0 0 0 0 0 [ 2819.600941] Node 1 Normal free:72532kB min:53504kB low:66880kB high:80256kB active_anon:3280076kB inactive_anon:12kB active_file:10572kB inactive_file:90736kB unevictable:0kB writepending:64kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23744kB pagetables:75728kB bounce:0kB free_pcp:948kB local_pcp:668kB free_cma:0kB [ 2819.623303] syz-executor.3 cpuset= [ 2819.656852] lowmem_reserve[]: [ 2819.660365] syz3 [ 2819.661151] 0 0 0 0 0 [ 2819.670686] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2819.678176] mems_allowed=0-1 [ 2819.689392] Node 0 DMA32: 410*4kB (UMEH) 2165*8kB (UMH) 506*16kB (UMEH) 2*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27120kB [ 2819.709181] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2819.724045] Node 1 Normal: 1*4kB (U) 5*8kB (UM) 1*16kB (U) 6*32kB (UE) 84*64kB (UE) 159*128kB (UE) 106*256kB (UE) 29*512kB (UME) 0*1024kB 0*2048kB 0*4096kB = 67964kB [ 2819.742704] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2819.743924] CPU: 1 PID: 30249 Comm: syz-executor.3 Not tainted 4.14.169-syzkaller #0 [ 2819.753050] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2819.759635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2819.759641] Call Trace: [ 2819.759661] dump_stack+0x142/0x197 [ 2819.759675] warn_alloc.cold+0x96/0x1af [ 2819.759685] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2819.759704] ? wait_for_completion+0x420/0x420 [ 2819.759720] __alloc_pages_slowpath+0x23c6/0x2930 [ 2819.759743] ? warn_alloc+0xf0/0xf0 [ 2819.759765] ? __might_sleep+0x93/0xb0 [ 2819.771184] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2819.777733] __alloc_pages_nodemask+0x62c/0x7a0 [ 2819.777748] ? rcu_read_lock_sched_held+0x110/0x130 [ 2819.777759] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2819.777780] alloc_pages_current+0xec/0x1e0 [ 2819.777795] kvm_mmu_create+0xdf/0x1e0 [ 2819.777809] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2819.777822] kvm_vcpu_init+0x272/0x360 [ 2819.777835] vmx_create_vcpu+0xfc/0x2aa0 [ 2819.777846] ? mutex_trylock+0x1c0/0x1c0 [ 2819.777863] ? handle_rdmsr+0x6e0/0x6e0 [ 2819.781320] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2819.784065] ? wait_for_completion+0x420/0x420 [ 2819.784082] kvm_arch_vcpu_create+0x8c/0xc0 [ 2819.784097] kvm_vm_ioctl+0x501/0x1600 [ 2819.784110] ? __lock_acquire+0x5f7/0x4620 [ 2819.784120] ? find_held_lock+0x35/0x130 [ 2819.784140] ? kvm_vcpu_release+0xa0/0xa0 [ 2819.784153] ? trace_hardirqs_on+0x10/0x10 [ 2819.788905] 25596 total pagecache pages [ 2819.793021] ? trace_hardirqs_on+0x10/0x10 [ 2819.793031] ? __might_fault+0x110/0x1d0 [ 2819.793041] ? save_trace+0x290/0x290 [ 2819.793048] ? __might_fault+0x110/0x1d0 [ 2819.793061] ? __fget+0x210/0x370 [ 2819.793072] ? find_held_lock+0x35/0x130 [ 2819.793082] ? __fget+0x210/0x370 [ 2819.793097] ? kvm_vcpu_release+0xa0/0xa0 [ 2819.793108] do_vfs_ioctl+0x7ae/0x1060 [ 2819.793120] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2819.793128] ? lock_downgrade+0x740/0x740 [ 2819.793139] ? ioctl_preallocate+0x1c0/0x1c0 [ 2819.793151] ? __fget+0x237/0x370 [ 2819.793166] ? security_file_ioctl+0x89/0xb0 [ 2819.793185] SyS_ioctl+0x8f/0xc0 [ 2819.793195] ? do_vfs_ioctl+0x1060/0x1060 [ 2819.793208] do_syscall_64+0x1e8/0x640 [ 2819.793218] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2819.793236] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2819.793244] RIP: 0033:0x45b399 [ 2819.793250] RSP: 002b:00007f93d8744c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2819.793261] RAX: ffffffffffffffda RBX: 00007f93d87456d4 RCX: 000000000045b399 [ 2819.793270] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2819.816660] 0 pages in swap cache [ 2819.819154] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2819.819160] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2819.819166] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2819.824247] warn_alloc_show_mem: 3 callbacks suppressed [ 2819.824251] Mem-Info: [ 2819.846394] Swap cache stats: add 0, delete 0, find 0/0 [ 2819.847555] active_anon:1289141 inactive_anon:1219 isolated_anon:0 [ 2819.847555] active_file:2647 inactive_file:21475 isolated_file:32 [ 2819.847555] unevictable:0 dirty:18 writeback:0 unstable:0 [ 2819.847555] slab_reclaimable:28199 slab_unreclaimable:111824 [ 2819.847555] mapped:58573 shmem:244 pagetables:33014 bounce:0 [ 2819.847555] free:27096 free_pcp:441 free_cma:0 [ 2819.859634] Free swap = 0kB 12:41:10 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2819.951768] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:16kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2819.951788] Node 1 active_anon:3289376kB inactive_anon:12kB active_file:10572kB inactive_file:84688kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:25376kB dirty:68kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2820.010000] Total swap = 0kB [ 2820.106586] Node 0 [ 2820.142764] 1965979 pages RAM [ 2820.157243] 0 pages HighMem/MovableOnly [ 2820.161825] 335855 pages reserved [ 2820.166374] 0 pages cma reserved 12:41:10 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2820.207077] DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2820.241960] lowmem_reserve[]: 0 2569 2569 2569 2569 12:41:10 executing program 0: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2820.249715] Node 0 DMA32 free:27344kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:12kB inactive_file:4kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:808kB local_pcp:128kB free_cma:0kB [ 2820.296409] lowmem_reserve[]: 0 0 0 0 0 [ 2820.314129] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2820.344474] lowmem_reserve[]: 0 0 0 0 0 12:41:10 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:10 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2820.351211] Node 1 Normal free:118180kB min:53504kB low:66880kB high:80256kB active_anon:3271644kB inactive_anon:12kB active_file:11568kB inactive_file:56180kB unevictable:0kB writepending:136kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23392kB pagetables:75532kB bounce:0kB free_pcp:1176kB local_pcp:712kB free_cma:0kB [ 2820.387487] lowmem_reserve[]: 0 0 0 0 0 [ 2820.399441] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2820.693642] Node 0 DMA32: 415*4kB (UMEH) 2169*8kB (UMEH) 510*16kB (UMEH) 2*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27236kB [ 2820.764031] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2820.818977] Node 1 Normal: 0*4kB 2*8kB (ME) 9*16kB (UM) 9*32kB (UE) 112*64kB (UME) 191*128kB (UME) 125*256kB (UME) 31*512kB (UME) 2*1024kB (M) 1*2048kB (M) 1*4096kB (M) = 88128kB [ 2820.939899] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2820.992547] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2821.042878] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 12:41:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2821.101906] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 12:41:11 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2821.146600] 22386 total pagecache pages [ 2821.165492] 0 pages in swap cache [ 2821.168988] Swap cache stats: add 0, delete 0, find 0/0 [ 2821.180973] Free swap = 0kB [ 2821.184026] Total swap = 0kB [ 2821.187131] 1965979 pages RAM [ 2821.191428] 0 pages HighMem/MovableOnly 12:41:11 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2821.197138] 335855 pages reserved [ 2821.200845] 0 pages cma reserved 12:41:11 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2821.731095] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2821.788335] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2821.823075] CPU: 1 PID: 30260 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2821.831013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2821.840986] Call Trace: [ 2821.843601] dump_stack+0x142/0x197 [ 2821.847252] warn_alloc.cold+0x96/0x1af [ 2821.851392] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2821.856261] ? wait_for_completion+0x420/0x420 [ 2821.860867] __alloc_pages_slowpath+0x23c6/0x2930 [ 2821.865738] ? warn_alloc+0xf0/0xf0 [ 2821.869390] ? __might_sleep+0x93/0xb0 [ 2821.869939] syz-executor.1: [ 2821.873289] __alloc_pages_nodemask+0x62c/0x7a0 [ 2821.873302] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2821.873312] ? retint_kernel+0x2d/0x2d [ 2821.873331] alloc_pages_current+0xec/0x1e0 [ 2821.873347] kvm_mmu_create+0xdf/0x1e0 [ 2821.873360] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2821.873375] kvm_vcpu_init+0x272/0x360 [ 2821.873388] vmx_create_vcpu+0xfc/0x2aa0 [ 2821.873398] ? mutex_trylock+0x1c0/0x1c0 [ 2821.873420] ? handle_rdmsr+0x6e0/0x6e0 [ 2821.873432] ? wait_for_completion+0x420/0x420 [ 2821.873446] kvm_arch_vcpu_create+0x8c/0xc0 [ 2821.873458] kvm_vm_ioctl+0x501/0x1600 [ 2821.873469] ? __lock_acquire+0x5f7/0x4620 [ 2821.873481] ? kvm_vcpu_release+0xa0/0xa0 [ 2821.873492] ? trace_hardirqs_on+0x10/0x10 [ 2821.873508] ? trace_hardirqs_on+0x10/0x10 [ 2821.873517] ? __might_fault+0x110/0x1d0 [ 2821.873529] ? save_trace+0x290/0x290 [ 2821.873540] ? trace_hardirqs_on_caller+0x400/0x590 [ 2821.873552] ? __fget+0x210/0x370 [ 2821.873563] ? find_held_lock+0x35/0x130 [ 2821.873574] ? __fget+0x210/0x370 [ 2821.873587] ? kvm_vcpu_release+0xa0/0xa0 [ 2821.873598] do_vfs_ioctl+0x7ae/0x1060 [ 2821.873611] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2821.893546] page allocation failure: order:0 [ 2821.894494] ? lock_downgrade+0x740/0x740 [ 2821.894510] ? ioctl_preallocate+0x1c0/0x1c0 [ 2821.894523] ? __fget+0x237/0x370 [ 2821.894541] ? security_file_ioctl+0x89/0xb0 [ 2821.894554] SyS_ioctl+0x8f/0xc0 [ 2821.894565] ? do_vfs_ioctl+0x1060/0x1060 [ 2821.924966] syz-executor.2: [ 2821.927583] do_syscall_64+0x1e8/0x640 [ 2821.927595] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2821.927613] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2821.927622] RIP: 0033:0x45b399 [ 2821.927627] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2821.927639] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2821.927644] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2821.927650] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2821.927655] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2821.927667] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2821.932913] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 2822.082891] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2822.103129] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2822.109984] CPU: 0 PID: 30272 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2822.117895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2822.127260] Call Trace: [ 2822.129866] dump_stack+0x142/0x197 [ 2822.133516] warn_alloc.cold+0x96/0x1af [ 2822.137506] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2822.142363] ? check_preemption_disabled+0x3c/0x250 [ 2822.147391] ? retint_kernel+0x2d/0x2d [ 2822.151304] __alloc_pages_slowpath+0x23c6/0x2930 [ 2822.156174] ? warn_alloc+0xf0/0xf0 [ 2822.159847] ? __might_sleep+0x93/0xb0 [ 2822.163765] __alloc_pages_nodemask+0x62c/0x7a0 [ 2822.168446] ? retint_kernel+0x2d/0x2d [ 2822.172350] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2822.177388] ? __sanitizer_cov_trace_pc+0x9/0x60 [ 2822.182190] alloc_pages_current+0xec/0x1e0 [ 2822.185189] Mem-Info: [ 2822.186523] kvm_mmu_create+0xdf/0x1e0 [ 2822.186538] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2822.186553] kvm_vcpu_init+0x272/0x360 [ 2822.186567] vmx_create_vcpu+0xfc/0x2aa0 [ 2822.186579] ? check_preemption_disabled+0x3c/0x250 [ 2822.186592] ? retint_kernel+0x2d/0x2d [ 2822.195358] active_anon:1286973 inactive_anon:1219 isolated_anon:0 [ 2822.195358] active_file:2896 inactive_file:15529 isolated_file:0 [ 2822.195358] unevictable:0 dirty:24 writeback:0 unstable:0 [ 2822.195358] slab_reclaimable:28565 slab_unreclaimable:111057 [ 2822.195358] mapped:58573 shmem:244 pagetables:32986 bounce:0 [ 2822.195358] free:35816 free_pcp:219 free_cma:0 [ 2822.197238] ? handle_rdmsr+0x6e0/0x6e0 [ 2822.197258] kvm_arch_vcpu_create+0x8c/0xc0 [ 2822.197272] kvm_vm_ioctl+0x501/0x1600 [ 2822.197284] ? __lock_acquire+0x5f7/0x4620 12:41:12 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2822.209595] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:12kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2822.210226] ? find_held_lock+0x35/0x130 [ 2822.210242] ? kvm_vcpu_release+0xa0/0xa0 [ 2822.210253] ? retint_kernel+0x2d/0x2d [ 2822.210265] ? trace_hardirqs_on_caller+0x400/0x590 [ 2822.221596] Node 1 active_anon:3277104kB inactive_anon:12kB active_file:11572kB inactive_file:59012kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25376kB dirty:92kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2822.248005] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2822.248019] ? check_preemption_disabled+0x3c/0x250 [ 2822.248031] ? retint_kernel+0x2d/0x2d [ 2822.248048] ? selinux_file_ioctl+0x19a/0x560 [ 2822.248060] ? selinux_file_ioctl+0x213/0x560 [ 2822.248073] ? kvm_vcpu_release+0xa0/0xa0 [ 2822.248084] do_vfs_ioctl+0x7ae/0x1060 [ 2822.248094] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2822.248104] ? lock_downgrade+0x740/0x740 [ 2822.248115] ? ioctl_preallocate+0x1c0/0x1c0 [ 2822.248127] ? __fget+0x237/0x370 [ 2822.248143] ? security_file_ioctl+0x89/0xb0 [ 2822.301693] Node 0 [ 2822.304178] SyS_ioctl+0x8f/0xc0 [ 2822.304191] ? do_vfs_ioctl+0x1060/0x1060 [ 2822.304206] do_syscall_64+0x1e8/0x640 [ 2822.304217] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2822.304234] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2822.304245] RIP: 0033:0x45b399 12:41:12 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2822.311611] DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2822.336966] RSP: 002b:00007fdd1026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2822.336979] RAX: ffffffffffffffda RBX: 00007fdd1026e6d4 RCX: 000000000045b399 [ 2822.336984] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2822.336989] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2822.336993] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2822.336998] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2822.712496] (null) 12:41:12 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2822.735291] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2822.798292] CPU: 0 PID: 30269 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0 [ 2822.806234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2822.815597] Call Trace: [ 2822.818199] dump_stack+0x142/0x197 [ 2822.821848] warn_alloc.cold+0x96/0x1af [ 2822.825840] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2822.830699] ? check_preemption_disabled+0x3c/0x250 [ 2822.835738] ? retint_kernel+0x2d/0x2d [ 2822.839653] __alloc_pages_slowpath+0x23c6/0x2930 [ 2822.844523] ? warn_alloc+0xf0/0xf0 [ 2822.848166] ? __might_sleep+0x93/0xb0 [ 2822.852080] __alloc_pages_nodemask+0x62c/0x7a0 [ 2822.856772] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2822.861799] ? check_preemption_disabled+0x3c/0x250 [ 2822.866950] alloc_pages_current+0xec/0x1e0 [ 2822.871298] kvm_mmu_create+0xdf/0x1e0 [ 2822.875226] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2822.879654] kvm_vcpu_init+0x272/0x360 [ 2822.883554] vmx_create_vcpu+0xfc/0x2aa0 [ 2822.887626] ? check_preemption_disabled+0x3c/0x250 [ 2822.892653] ? retint_kernel+0x2d/0x2d [ 2822.896557] ? handle_rdmsr+0x6e0/0x6e0 [ 2822.900545] ? kvm_arch_vcpu_create+0x61/0xc0 [ 2822.905683] kvm_arch_vcpu_create+0x8c/0xc0 [ 2822.910023] kvm_vm_ioctl+0x501/0x1600 [ 2822.913932] ? __lock_acquire+0x5f7/0x4620 [ 2822.918174] ? mark_held_locks+0xb1/0x100 [ 2822.922339] ? kvm_vcpu_release+0xa0/0xa0 [ 2822.926517] ? trace_hardirqs_on+0x10/0x10 [ 2822.930770] ? trace_hardirqs_on+0x10/0x10 [ 2822.935087] ? retint_kernel+0x2d/0x2d [ 2822.939013] ? save_trace+0x290/0x290 [ 2822.942820] ? trace_hardirqs_on_caller+0x400/0x590 [ 2822.947858] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2822.952626] ? __fget+0x210/0x370 [ 2822.956091] ? retint_kernel+0x2d/0x2d [ 2822.960001] ? trace_hardirqs_on_caller+0x400/0x590 [ 2822.965034] ? kvm_vcpu_release+0xa0/0xa0 [ 2822.969227] do_vfs_ioctl+0x7ae/0x1060 [ 2822.973126] ? check_preemption_disabled+0x3c/0x250 [ 2822.978153] ? ioctl_preallocate+0x1c0/0x1c0 [ 2822.982584] ? security_file_ioctl+0x40/0xb0 [ 2822.987099] ? security_file_ioctl+0x51/0xb0 [ 2822.991526] ? security_file_ioctl+0x89/0xb0 [ 2822.996046] SyS_ioctl+0x8f/0xc0 [ 2822.999431] ? do_vfs_ioctl+0x1060/0x1060 [ 2823.003597] do_syscall_64+0x1e8/0x640 [ 2823.006582] lowmem_reserve[]: [ 2823.007494] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2823.007512] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2823.010822] 0 [ 2823.016441] RIP: 0033:0x45b399 [ 2823.016448] RSP: 002b:00007f59c5343c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2823.016457] RAX: ffffffffffffffda RBX: 00007f59c53446d4 RCX: 000000000045b399 [ 2823.016462] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2823.016467] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2823.016472] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2823.016476] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2823.114328] 2569 2569 2569 2569 [ 2823.118998] Node 0 DMA32 free:27276kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:12kB inactive_file:4kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:224kB local_pcp:124kB free_cma:0kB [ 2823.153106] lowmem_reserve[]: 0 0 0 0 0 [ 2823.157304] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2823.196101] lowmem_reserve[]: 0 0 0 0 0 [ 2823.218005] Node 1 Normal free:95704kB min:53504kB low:66880kB high:80256kB active_anon:3283420kB inactive_anon:12kB active_file:12784kB inactive_file:66020kB unevictable:0kB writepending:9860kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23648kB pagetables:75932kB bounce:0kB free_pcp:1252kB local_pcp:628kB free_cma:0kB [ 2823.257195] lowmem_reserve[]: 0 0 0 0 0 [ 2823.261414] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2823.283345] Node 0 DMA32: 407*4kB (UMH) 2173*8kB (UMH) 510*16kB (UMH) 4*32kB (UEH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27300kB [ 2823.298061] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2823.313991] Node 1 Normal: 1750*4kB (UM) 768*8kB (UME) 704*16kB (UME) 215*32kB (UME) 71*64kB (UME) 194*128kB (UME) 117*256kB (UME) 31*512kB (UME) 1*1024kB (M) 0*2048kB 1*4096kB (M) = 111608kB [ 2823.327806] Mem-Info: [ 2823.337830] active_anon:1288474 inactive_anon:1219 isolated_anon:0 [ 2823.337830] active_file:3224 inactive_file:12599 isolated_file:0 [ 2823.337830] unevictable:0 dirty:13 writeback:21 unstable:0 [ 2823.337830] slab_reclaimable:28859 slab_unreclaimable:110320 [ 2823.337830] mapped:58573 shmem:244 pagetables:33002 bounce:0 [ 2823.337830] free:37330 free_pcp:390 free_cma:0 [ 2823.350840] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2823.384140] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:12kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2823.392588] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2823.412921] Node 1 active_anon:3283108kB inactive_anon:12kB active_file:12884kB inactive_file:50392kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25376kB dirty:48kB writeback:84kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2823.425193] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2823.449437] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2823.464965] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2823.487552] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2823.498125] 16089 total pagecache pages [ 2823.499231] Node 0 [ 2823.503512] 0 pages in swap cache [ 2823.503589] DMA32 free:27276kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:12kB inactive_file:4kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:228kB local_pcp:104kB free_cma:0kB [ 2823.505932] Swap cache stats: add 0, delete 0, find 0/0 [ 2823.509407] lowmem_reserve[]: [ 2823.538446] Free swap = 0kB [ 2823.550948] Total swap = 0kB [ 2823.554120] 1965979 pages RAM [ 2823.554296] 0 [ 2823.557369] 0 pages HighMem/MovableOnly [ 2823.563840] 335855 pages reserved 12:41:13 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:13 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2823.567480] 0 pages cma reserved [ 2823.567984] 0 0 0 0 [ 2823.598450] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2823.629609] lowmem_reserve[]: 0 0 0 0 0 [ 2823.635571] Node 1 Normal free:111288kB min:53504kB low:66880kB high:80256kB active_anon:3284016kB inactive_anon:12kB active_file:12784kB inactive_file:50388kB unevictable:0kB writepending:132kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23776kB pagetables:75828kB bounce:0kB free_pcp:480kB local_pcp:100kB free_cma:0kB [ 2823.686136] lowmem_reserve[]: 0 0 0 0 0 [ 2823.704565] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2823.727590] Node 0 DMA32: 407*4kB (UMH) 2174*8kB (UMH) 511*16kB (UMH) 5*32kB (UEH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27356kB [ 2823.747893] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2823.766609] Node 1 Normal: 446*4kB (UME) 709*8kB (UME) 722*16kB (UME) 221*32kB (UME) 70*64kB (UME) 196*128kB (UME) 117*256kB (UME) 31*512kB (UME) 1*1024kB (M) 0*2048kB 1*4096kB (M) = 106592kB [ 2823.791701] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2823.805192] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2823.816592] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2823.908132] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2823.953134] 20159 total pagecache pages [ 2823.975735] 0 pages in swap cache [ 2823.994201] Swap cache stats: add 0, delete 0, find 0/0 [ 2824.015160] Free swap = 0kB [ 2824.028840] Total swap = 0kB [ 2824.044232] 1965979 pages RAM [ 2824.056804] 0 pages HighMem/MovableOnly [ 2824.076458] 335855 pages reserved [ 2824.104416] 0 pages cma reserved [ 2824.133919] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2824.146510] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2824.153031] CPU: 1 PID: 30334 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2824.161140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2824.170500] Call Trace: [ 2824.173099] dump_stack+0x142/0x197 [ 2824.176745] warn_alloc.cold+0x96/0x1af [ 2824.180730] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2824.185593] ? wait_for_completion+0x420/0x420 [ 2824.190199] __alloc_pages_slowpath+0x23c6/0x2930 [ 2824.195066] ? warn_alloc+0xf0/0xf0 [ 2824.198719] ? __might_sleep+0x93/0xb0 [ 2824.202627] __alloc_pages_nodemask+0x62c/0x7a0 [ 2824.207310] ? check_preemption_disabled+0x3c/0x250 [ 2824.212452] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2824.217465] ? alloc_pages_current+0x19b/0x1e0 [ 2824.222056] alloc_pages_current+0xec/0x1e0 [ 2824.226449] kvm_mmu_create+0xdf/0x1e0 [ 2824.230353] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2824.234751] kvm_vcpu_init+0x272/0x360 [ 2824.238639] vmx_create_vcpu+0xfc/0x2aa0 [ 2824.242697] ? check_preemption_disabled+0x3c/0x250 [ 2824.247893] ? handle_rdmsr+0x6e0/0x6e0 [ 2824.251901] kvm_arch_vcpu_create+0x8c/0xc0 [ 2824.256231] kvm_vm_ioctl+0x501/0x1600 [ 2824.260235] ? __lock_acquire+0x5f7/0x4620 [ 2824.264595] ? find_held_lock+0x35/0x130 [ 2824.268659] ? kvm_vcpu_release+0xa0/0xa0 [ 2824.272807] ? trace_hardirqs_on+0x10/0x10 [ 2824.277058] ? trace_hardirqs_on+0x10/0x10 [ 2824.281300] ? __might_fault+0x110/0x1d0 [ 2824.285375] ? save_trace+0x290/0x290 [ 2824.289177] ? __might_fault+0x110/0x1d0 [ 2824.293332] ? __fget+0x210/0x370 [ 2824.296823] ? retint_kernel+0x2d/0x2d [ 2824.300728] ? kvm_vcpu_release+0xa0/0xa0 [ 2824.304881] do_vfs_ioctl+0x7ae/0x1060 [ 2824.308833] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2824.313588] ? check_preemption_disabled+0x3c/0x250 [ 2824.318600] ? ioctl_preallocate+0x1c0/0x1c0 [ 2824.323140] ? security_file_ioctl+0x89/0xb0 [ 2824.327750] SyS_ioctl+0x8f/0xc0 [ 2824.331116] ? do_vfs_ioctl+0x1060/0x1060 [ 2824.335274] do_syscall_64+0x1e8/0x640 [ 2824.339248] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2824.344228] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2824.349467] RIP: 0033:0x45b399 [ 2824.352644] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2824.360359] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2824.367708] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2824.374994] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 12:41:14 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:14 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:14 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:14 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2824.382267] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2824.389781] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2824.418984] warn_alloc_show_mem: 1 callbacks suppressed [ 2824.419003] Mem-Info: 12:41:14 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2824.432519] active_anon:1288411 inactive_anon:1219 isolated_anon:0 [ 2824.432519] active_file:3236 inactive_file:16694 isolated_file:2 [ 2824.432519] unevictable:0 dirty:17 writeback:0 unstable:0 [ 2824.432519] slab_reclaimable:29039 slab_unreclaimable:109778 [ 2824.432519] mapped:58573 shmem:244 pagetables:32983 bounce:0 [ 2824.432519] free:33701 free_pcp:278 free_cma:0 [ 2824.478615] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:208916kB dirty:0kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2824.525619] Node 1 active_anon:3283056kB inactive_anon:12kB active_file:12940kB inactive_file:60472kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25376kB dirty:168kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2824.556089] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 12:41:14 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2824.583507] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2824.625179] Node 0 DMA32 free:27412kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:248kB local_pcp:120kB free_cma:0kB [ 2824.733068] lowmem_reserve[]: 0 0 0 0 0 [ 2824.771662] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 12:41:14 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2824.896123] lowmem_reserve[]: 0 0 0 0 0 [ 2824.908381] Node 1 Normal free:102864kB min:53504kB low:66880kB high:80256kB active_anon:3289956kB inactive_anon:12kB active_file:12940kB inactive_file:54472kB unevictable:0kB writepending:4360kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23712kB pagetables:75900kB bounce:0kB free_pcp:436kB local_pcp:160kB free_cma:0kB [ 2825.035107] lowmem_reserve[]: 0 0 0 0 0 [ 2825.057423] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2825.105237] Node 0 DMA32: 406*4kB (UMH) 2173*8kB (UMEH) 511*16kB (UMEH) 3*32kB (EH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27280kB [ 2825.152609] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2825.195583] Node 1 Normal: 1*4kB (M) 7*8kB (U) 22*16kB (U) 0*32kB 26*64kB (UME) 204*128kB (UME) 128*256kB (UME) 32*512kB (UME) 1*1024kB (M) 0*2048kB 1*4096kB (M) = 82460kB 12:41:15 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:15 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2825.265974] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2825.323877] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2825.355140] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2825.389040] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2825.442534] 19084 total pagecache pages [ 2825.484314] 0 pages in swap cache [ 2825.511444] Swap cache stats: add 0, delete 0, find 0/0 [ 2825.544355] Free swap = 0kB [ 2825.558308] Total swap = 0kB 12:41:15 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2825.571462] 1965979 pages RAM [ 2825.601519] 0 pages HighMem/MovableOnly [ 2825.616875] 335855 pages reserved [ 2825.632608] 0 pages cma reserved [ 2826.190663] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2826.208053] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2826.232720] CPU: 0 PID: 30352 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2826.240655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2826.250021] Call Trace: [ 2826.252621] dump_stack+0x142/0x197 [ 2826.256269] warn_alloc.cold+0x96/0x1af [ 2826.260255] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2826.265122] ? wait_for_completion+0x420/0x420 [ 2826.269740] __alloc_pages_slowpath+0x23c6/0x2930 [ 2826.274611] ? warn_alloc+0xf0/0xf0 [ 2826.278258] ? __might_sleep+0x93/0xb0 [ 2826.282168] __alloc_pages_nodemask+0x62c/0x7a0 [ 2826.286848] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2826.291616] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2826.296646] ? check_preemption_disabled+0x3c/0x250 [ 2826.301684] alloc_pages_current+0xec/0x1e0 [ 2826.306021] ? kvm_set_tsc_khz+0x188/0x490 [ 2826.310389] kvm_mmu_create+0xdf/0x1e0 [ 2826.314293] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2826.318746] kvm_vcpu_init+0x272/0x360 [ 2826.322675] vmx_create_vcpu+0xfc/0x2aa0 [ 2826.326751] ? mutex_trylock+0x1c0/0x1c0 [ 2826.330834] ? handle_rdmsr+0x6e0/0x6e0 [ 2826.334820] ? wait_for_completion+0x420/0x420 [ 2826.339420] kvm_arch_vcpu_create+0x8c/0xc0 [ 2826.343758] kvm_vm_ioctl+0x501/0x1600 [ 2826.347660] ? __lock_acquire+0x5f7/0x4620 [ 2826.351912] ? trace_hardirqs_on_caller+0x400/0x590 [ 2826.356962] ? kvm_vcpu_release+0xa0/0xa0 [ 2826.361128] ? retint_kernel+0x2d/0x2d [ 2826.365080] ? trace_hardirqs_on_caller+0x400/0x590 [ 2826.370145] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2826.374913] ? check_preemption_disabled+0x3c/0x250 [ 2826.379944] ? retint_kernel+0x2d/0x2d [ 2826.383856] ? selinux_file_ioctl+0x24a/0x560 [ 2826.388367] ? kvm_vcpu_release+0xa0/0xa0 [ 2826.392523] do_vfs_ioctl+0x7ae/0x1060 [ 2826.396428] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2826.401198] ? lock_downgrade+0x740/0x740 [ 2826.405373] ? ioctl_preallocate+0x1c0/0x1c0 [ 2826.409803] ? __fget+0x237/0x370 [ 2826.413270] ? security_file_ioctl+0x89/0xb0 [ 2826.417691] SyS_ioctl+0x8f/0xc0 [ 2826.421256] ? do_vfs_ioctl+0x1060/0x1060 [ 2826.425416] do_syscall_64+0x1e8/0x640 [ 2826.429312] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2826.434173] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2826.439370] RIP: 0033:0x45b399 [ 2826.442564] RSP: 002b:00007fdd1026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2826.450282] RAX: ffffffffffffffda RBX: 00007fdd1026e6d4 RCX: 000000000045b399 [ 2826.457567] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2826.464931] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2826.472211] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 12:41:16 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:16 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2826.479545] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2826.516919] Mem-Info: [ 2826.519624] active_anon:1295839 inactive_anon:1219 isolated_anon:0 [ 2826.519624] active_file:3042 inactive_file:14399 isolated_file:3 [ 2826.519624] unevictable:0 dirty:620 writeback:0 unstable:0 [ 2826.519624] slab_reclaimable:29284 slab_unreclaimable:109259 [ 2826.519624] mapped:58573 shmem:244 pagetables:33028 bounce:0 [ 2826.519624] free:28737 free_pcp:483 free_cma:0 [ 2826.563135] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):12kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2826.595809] Node 1 active_anon:3312568kB inactive_anon:12kB active_file:12168kB inactive_file:54792kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25376kB dirty:2476kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2826.628718] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2826.661196] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2826.666653] Node 0 DMA32 free:27280kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:720kB local_pcp:96kB free_cma:0kB [ 2826.700480] lowmem_reserve[]: 0 0 0 0 0 [ 2826.701823] syz-executor.1: [ 2826.705038] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2826.708457] page allocation failure: order:0 [ 2826.739420] lowmem_reserve[]: 0 0 0 0 0 [ 2826.749444] Node 1 Normal free:88384kB min:53504kB low:66880kB high:80256kB active_anon:3312668kB inactive_anon:12kB active_file:12168kB inactive_file:46792kB unevictable:0kB writepending:264kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23712kB pagetables:75932kB bounce:0kB free_pcp:1144kB local_pcp:512kB free_cma:0kB [ 2826.766801] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2826.788604] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2826.795635] lowmem_reserve[]: 0 0 0 0 0 [ 2826.796458] CPU: 1 PID: 30349 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0 [ 2826.804396] Node 0 [ 2826.807937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2826.807942] Call Trace: [ 2826.807963] dump_stack+0x142/0x197 [ 2826.807977] warn_alloc.cold+0x96/0x1af [ 2826.807998] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2826.810534] DMA: [ 2826.819715] ? wait_for_completion+0x420/0x420 [ 2826.819732] __alloc_pages_slowpath+0x23c6/0x2930 [ 2826.819758] ? warn_alloc+0xf0/0xf0 [ 2826.819780] ? __might_sleep+0x93/0xb0 [ 2826.826737] 2*4kB [ 2826.831140] __alloc_pages_nodemask+0x62c/0x7a0 [ 2826.831154] ? rcu_read_lock_sched_held+0x110/0x130 [ 2826.831164] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2826.831185] alloc_pages_current+0xec/0x1e0 [ 2826.831200] kvm_mmu_create+0xdf/0x1e0 [ 2826.831213] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2826.831226] kvm_vcpu_init+0x272/0x360 [ 2826.831240] vmx_create_vcpu+0xfc/0x2aa0 [ 2826.831259] ? handle_rdmsr+0x6e0/0x6e0 [ 2826.831271] ? wait_for_completion+0x420/0x420 [ 2826.831285] kvm_arch_vcpu_create+0x8c/0xc0 [ 2826.836365] (UE) [ 2826.838214] kvm_vm_ioctl+0x501/0x1600 [ 2826.838228] ? __lock_acquire+0x5f7/0x4620 [ 2826.838245] ? kvm_vcpu_release+0xa0/0xa0 [ 2826.846923] 6*8kB [ 2826.847770] ? retint_kernel+0x2d/0x2d [ 2826.847786] ? trace_hardirqs_on_caller+0x400/0x590 [ 2826.851714] (UH) [ 2826.855331] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2826.855353] ? check_preemption_disabled+0x3c/0x250 [ 2826.855373] ? retint_kernel+0x2d/0x2d [ 2826.857692] 5*16kB [ 2826.862221] ? selinux_file_ioctl+0x19a/0x560 [ 2826.862233] ? selinux_file_ioctl+0x213/0x560 [ 2826.862245] ? kvm_vcpu_release+0xa0/0xa0 [ 2826.862256] do_vfs_ioctl+0x7ae/0x1060 [ 2826.862268] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2826.862278] ? lock_downgrade+0x740/0x740 [ 2826.862288] ? ioctl_preallocate+0x1c0/0x1c0 [ 2826.862300] ? __fget+0x237/0x370 [ 2826.862317] ? security_file_ioctl+0x89/0xb0 [ 2826.862330] SyS_ioctl+0x8f/0xc0 [ 2826.862339] ? do_vfs_ioctl+0x1060/0x1060 [ 2826.862353] do_syscall_64+0x1e8/0x640 [ 2826.862362] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2826.862380] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2826.862389] RIP: 0033:0x45b399 [ 2826.862394] RSP: 002b:00007f59c5343c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2826.862405] RAX: ffffffffffffffda RBX: 00007f59c53446d4 RCX: 000000000045b399 [ 2826.862411] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2826.862416] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2826.862421] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2826.862427] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2827.406622] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2827.418265] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2827.424462] CPU: 1 PID: 30394 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2827.432369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2827.441743] Call Trace: [ 2827.444350] dump_stack+0x142/0x197 [ 2827.448057] warn_alloc.cold+0x96/0x1af [ 2827.452049] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2827.456917] ? wait_for_completion+0x420/0x420 [ 2827.461522] __alloc_pages_slowpath+0x23c6/0x2930 [ 2827.466390] ? warn_alloc+0xf0/0xf0 [ 2827.470037] ? __might_sleep+0x93/0xb0 [ 2827.473938] __alloc_pages_nodemask+0x62c/0x7a0 [ 2827.478616] ? retint_kernel+0x2d/0x2d [ 2827.482627] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2827.487655] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2827.492424] ? check_preemption_disabled+0x3c/0x250 [ 2827.497457] ? retint_kernel+0x2d/0x2d [ 2827.501360] alloc_pages_current+0xec/0x1e0 [ 2827.505692] kvm_mmu_create+0xdf/0x1e0 [ 2827.509586] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2827.514069] kvm_vcpu_init+0x272/0x360 [ 2827.517972] vmx_create_vcpu+0xfc/0x2aa0 [ 2827.522057] ? check_preemption_disabled+0x3c/0x250 [ 2827.527089] ? handle_rdmsr+0x6e0/0x6e0 [ 2827.531079] kvm_arch_vcpu_create+0x8c/0xc0 [ 2827.535415] kvm_vm_ioctl+0x501/0x1600 [ 2827.539343] ? __lock_acquire+0x5f7/0x4620 [ 2827.543588] ? trace_hardirqs_on_caller+0x400/0x590 [ 2827.548755] ? kvm_vcpu_release+0xa0/0xa0 [ 2827.552923] ? trace_hardirqs_on+0x10/0x10 [ 2827.556024] (UEH) 4*32kB [ 2827.557168] ? save_trace+0x290/0x290 [ 2827.557181] ? lock_release+0x44d/0x940 [ 2827.563967] (UMEH) 3*64kB [ 2827.567868] ? __fget+0x210/0x370 [ 2827.567882] ? retint_kernel+0x2d/0x2d [ 2827.571508] (UMH) [ 2827.574183] ? kvm_vcpu_release+0xa0/0xa0 [ 2827.578046] 4*128kB [ 2827.580187] do_vfs_ioctl+0x7ae/0x1060 [ 2827.580199] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2827.580208] ? check_preemption_disabled+0x3c/0x250 [ 2827.580217] ? ioctl_preallocate+0x1c0/0x1c0 [ 2827.580236] ? security_file_ioctl+0x89/0xb0 [ 2827.580246] SyS_ioctl+0x8f/0xc0 [ 2827.580255] ? do_vfs_ioctl+0x1060/0x1060 [ 2827.580267] do_syscall_64+0x1e8/0x640 [ 2827.580277] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2827.580295] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2827.580302] RIP: 0033:0x45b399 [ 2827.580307] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2827.580317] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2827.580322] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2827.580327] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2827.580335] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2827.588263] (UMEH) [ 2827.590693] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2827.593109] warn_alloc_show_mem: 1 callbacks suppressed [ 2827.593125] Mem-Info: [ 2827.604565] 3*256kB [ 2827.606818] active_anon:1295830 inactive_anon:1219 isolated_anon:0 [ 2827.606818] active_file:3046 inactive_file:5034 isolated_file:0 12:41:17 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:17 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:17 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:17 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2827.606818] unevictable:0 dirty:17 writeback:0 unstable:0 [ 2827.606818] slab_reclaimable:29455 slab_unreclaimable:108725 [ 2827.606818] mapped:58573 shmem:244 pagetables:33038 bounce:0 [ 2827.606818] free:38440 free_pcp:552 free_cma:0 [ 2827.610389] (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2827.610425] Node 0 DMA32: 406*4kB (UMH) 2176*8kB (UMEH) 511*16kB (UMEH) 3*32kB (EH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27304kB [ 2827.614442] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:12kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2827.618041] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2827.618090] Node 1 Normal: 730*4kB (ME) 690*8kB (UM) 469*16kB (UME) 283*32kB (UM) 177*64kB (UME) [ 2827.622382] Node 1 active_anon:3312532kB inactive_anon:12kB active_file:12172kB inactive_file:20132kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25376kB dirty:64kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2827.631539] 206*128kB [ 2827.633392] Node 0 [ 2827.635778] (UME) 124*256kB (UME) 35*512kB (UME) 2*1024kB (M) 1*2048kB (M) 0*4096kB = 116456kB [ 2827.635820] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2827.635825] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2827.635831] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2827.635838] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2827.635842] 8325 total pagecache pages [ 2827.635852] 0 pages in swap cache [ 2827.635858] Swap cache stats: add 0, delete 0, find 0/0 [ 2827.635861] Free swap = 0kB [ 2827.635872] Total swap = 0kB [ 2827.643931] DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2827.656007] 1965979 pages RAM [ 2827.659099] lowmem_reserve[]: [ 2827.666280] 0 pages HighMem/MovableOnly [ 2827.673923] 0 [ 2827.680251] 335855 pages reserved [ 2827.683957] 2569 [ 2827.688991] 0 pages cma reserved [ 2827.691528] 2569 2569 2569 [ 2827.948842] Node 0 DMA32 free:27336kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:8kB inactive_file:8kB unevictable:0kB writepending:0kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:800kB local_pcp:588kB free_cma:0kB [ 2827.979044] lowmem_reserve[]: 0 0 0 0 0 [ 2827.984017] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2828.208119] lowmem_reserve[]: 0 0 0 0 0 [ 2828.220571] Node 1 Normal free:97316kB min:53504kB low:66880kB high:80256kB active_anon:3315076kB inactive_anon:12kB active_file:12172kB inactive_file:36792kB unevictable:0kB writepending:17156kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:24000kB pagetables:76284kB bounce:0kB free_pcp:448kB local_pcp:144kB free_cma:0kB [ 2828.344758] lowmem_reserve[]: 0 0 0 0 0 [ 2828.400205] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2828.462166] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2828.474451] Node 0 DMA32: 407*4kB (UMEH) 2180*8kB (UMEH) 506*16kB (UMEH) 3*32kB (UH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27260kB [ 2828.521589] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2828.536292] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2828.554611] CPU: 1 PID: 30413 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0 [ 2828.562548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2828.571922] Call Trace: [ 2828.574532] dump_stack+0x142/0x197 [ 2828.578176] warn_alloc.cold+0x96/0x1af [ 2828.582267] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2828.587151] ? wait_for_completion+0x420/0x420 [ 2828.591750] __alloc_pages_slowpath+0x23c6/0x2930 [ 2828.596624] ? warn_alloc+0xf0/0xf0 [ 2828.600274] ? __might_sleep+0x93/0xb0 [ 2828.604175] __alloc_pages_nodemask+0x62c/0x7a0 [ 2828.608867] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2828.613912] ? retint_kernel+0x2d/0x2d [ 2828.617824] alloc_pages_current+0xec/0x1e0 12:41:18 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2828.622176] kvm_mmu_create+0xdf/0x1e0 [ 2828.626093] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2828.630440] kvm_vcpu_init+0x272/0x360 [ 2828.634345] vmx_create_vcpu+0xfc/0x2aa0 [ 2828.638419] ? mutex_trylock+0x1c0/0x1c0 [ 2828.642641] ? handle_rdmsr+0x6e0/0x6e0 [ 2828.646627] ? wait_for_completion+0x420/0x420 [ 2828.651241] kvm_arch_vcpu_create+0x8c/0xc0 [ 2828.655695] kvm_vm_ioctl+0x501/0x1600 [ 2828.661945] ? __lock_acquire+0x5f7/0x4620 [ 2828.666195] ? mark_held_locks+0xb1/0x100 [ 2828.667281] syz-executor.2: [ 2828.670355] ? kvm_vcpu_release+0xa0/0xa0 [ 2828.670367] ? trace_hardirqs_on_caller+0x400/0x590 [ 2828.670385] ? trace_hardirqs_on+0x10/0x10 [ 2828.670395] ? __might_fault+0x110/0x1d0 [ 2828.670405] ? save_trace+0x290/0x290 [ 2828.670415] ? trace_hardirqs_on_caller+0x400/0x590 [ 2828.670425] ? __fget+0x210/0x370 [ 2828.670436] ? find_held_lock+0x35/0x130 [ 2828.670446] ? __fget+0x210/0x370 [ 2828.670457] ? kvm_vcpu_release+0xa0/0xa0 [ 2828.670469] do_vfs_ioctl+0x7ae/0x1060 12:41:18 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2828.670482] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2828.670492] ? lock_downgrade+0x740/0x740 [ 2828.670503] ? ioctl_preallocate+0x1c0/0x1c0 [ 2828.670516] ? __fget+0x237/0x370 [ 2828.670533] ? security_file_ioctl+0x89/0xb0 [ 2828.670546] SyS_ioctl+0x8f/0xc0 [ 2828.670556] ? do_vfs_ioctl+0x1060/0x1060 [ 2828.670570] do_syscall_64+0x1e8/0x640 [ 2828.670579] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2828.670596] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2828.670605] RIP: 0033:0x45b399 12:41:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2828.670610] RSP: 002b:00007f59c5343c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2828.670621] RAX: ffffffffffffffda RBX: 00007f59c53446d4 RCX: 000000000045b399 [ 2828.670628] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2828.670634] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2828.670639] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2828.670645] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2828.706449] Node 1 Normal: 763*4kB (UM) 363*8kB (UME) 55*16kB (ME) 45*32kB (UME) 46*64kB (UME) 198*128kB (UME) 126*256kB (UME) 37*512kB (UME) 2*1024kB (M) 1*2048kB (M) 0*4096kB = 91860kB [ 2828.835568] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2828.855538] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2828.864440] page allocation failure: order:0 [ 2828.864466] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2828.864480] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 2828.868968] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2828.897616] (null) [ 2828.906022] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2828.918031] 8855 total pagecache pages [ 2828.918913] CPU: 0 PID: 30406 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2828.928122] 0 pages in swap cache [ 2828.929916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2828.929920] Call Trace: [ 2828.929940] dump_stack+0x142/0x197 [ 2828.929956] warn_alloc.cold+0x96/0x1af [ 2828.929968] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2828.942233] Swap cache stats: add 0, delete 0, find 0/0 [ 2828.944256] ? check_preemption_disabled+0x3c/0x250 [ 2828.944282] __alloc_pages_slowpath+0x23c6/0x2930 [ 2828.944304] ? warn_alloc+0xf0/0xf0 [ 2828.947132] Free swap = 0kB [ 2828.950526] ? __might_sleep+0x93/0xb0 [ 2828.950542] __alloc_pages_nodemask+0x62c/0x7a0 [ 2828.950555] ? rcu_read_lock_sched_held+0x110/0x130 [ 2828.950565] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2828.950585] alloc_pages_current+0xec/0x1e0 [ 2828.950600] kvm_mmu_create+0xdf/0x1e0 [ 2828.956759] Total swap = 0kB [ 2828.959429] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2828.959447] kvm_vcpu_init+0x272/0x360 [ 2828.959461] vmx_create_vcpu+0xfc/0x2aa0 [ 2828.959472] ? mutex_trylock+0x1c0/0x1c0 [ 2828.959489] ? handle_rdmsr+0x6e0/0x6e0 [ 2828.968001] 1965979 pages RAM [ 2828.970555] ? wait_for_completion+0x420/0x420 [ 2828.970573] kvm_arch_vcpu_create+0x8c/0xc0 [ 2828.970588] kvm_vm_ioctl+0x501/0x1600 [ 2828.970599] ? __lock_acquire+0x5f7/0x4620 [ 2828.970609] ? do_futex+0x21d/0x19e0 [ 2828.970621] ? kvm_vcpu_release+0xa0/0xa0 [ 2828.970635] ? retint_kernel+0x2d/0x2d [ 2828.977574] 0 pages HighMem/MovableOnly [ 2828.979117] ? trace_hardirqs_on_caller+0x400/0x590 [ 2828.979132] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2828.979147] ? check_preemption_disabled+0x3c/0x250 [ 2828.979158] ? retint_kernel+0x2d/0x2d [ 2828.979175] ? selinux_file_ioctl+0x19a/0x560 [ 2828.982731] 335855 pages reserved [ 2828.986088] ? selinux_file_ioctl+0x213/0x560 [ 2828.986104] ? kvm_vcpu_release+0xa0/0xa0 [ 2828.986116] do_vfs_ioctl+0x7ae/0x1060 [ 2828.986127] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2828.986137] ? lock_downgrade+0x740/0x740 [ 2828.986147] ? ioctl_preallocate+0x1c0/0x1c0 [ 2828.986159] ? __fget+0x237/0x370 [ 2828.992103] 0 pages cma reserved [ 2828.996203] ? security_file_ioctl+0x89/0xb0 [ 2828.996219] SyS_ioctl+0x8f/0xc0 [ 2828.996230] ? do_vfs_ioctl+0x1060/0x1060 [ 2828.996245] do_syscall_64+0x1e8/0x640 [ 2828.996255] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2828.996270] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2828.996278] RIP: 0033:0x45b399 [ 2828.996283] RSP: 002b:00007fdd1026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2829.025087] Mem-Info: [ 2829.028990] RAX: ffffffffffffffda RBX: 00007fdd1026e6d4 RCX: 000000000045b399 [ 2829.028996] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2829.029001] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2829.029006] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2829.029011] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c 12:41:19 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 2829.250478] active_anon:1298110 inactive_anon:1219 isolated_anon:0 [ 2829.250478] active_file:3044 inactive_file:7370 isolated_file:3 [ 2829.250478] unevictable:0 dirty:2401 writeback:0 unstable:0 [ 2829.250478] slab_reclaimable:29687 slab_unreclaimable:108003 [ 2829.250478] mapped:58573 shmem:244 pagetables:33114 bounce:0 [ 2829.250478] free:34193 free_pcp:437 free_cma:0 12:41:19 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2829.303214] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):12kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2829.451659] Node 1 active_anon:3326652kB inactive_anon:12kB active_file:12176kB inactive_file:30376kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:25376kB dirty:10400kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2829.488906] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2829.508474] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 2829.519123] CPU: 0 PID: 30432 Comm: syz-executor.3 Not tainted 4.14.169-syzkaller #0 [ 2829.527052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2829.536413] Call Trace: [ 2829.539021] dump_stack+0x142/0x197 [ 2829.542665] warn_alloc.cold+0x96/0x1af [ 2829.546649] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2829.551508] ? check_preemption_disabled+0x3c/0x250 [ 2829.556539] ? retint_kernel+0x2d/0x2d [ 2829.560449] __alloc_pages_slowpath+0x23c6/0x2930 [ 2829.565333] ? warn_alloc+0xf0/0xf0 [ 2829.567608] Node 0 [ 2829.569107] ? __might_sleep+0x93/0xb0 [ 2829.569123] __alloc_pages_nodemask+0x62c/0x7a0 [ 2829.569136] ? rcu_read_lock_sched_held+0x110/0x130 [ 2829.569148] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2829.569167] alloc_pages_current+0xec/0x1e0 [ 2829.583602] DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2829.585183] kvm_mmu_create+0xdf/0x1e0 [ 2829.585199] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2829.585220] kvm_vcpu_init+0x272/0x360 [ 2829.585235] vmx_create_vcpu+0xfc/0x2aa0 [ 2829.585246] ? mutex_trylock+0x1c0/0x1c0 [ 2829.585263] ? handle_rdmsr+0x6e0/0x6e0 [ 2829.645370] ? wait_for_completion+0x420/0x420 [ 2829.649993] kvm_arch_vcpu_create+0x8c/0xc0 [ 2829.654356] kvm_vm_ioctl+0x501/0x1600 [ 2829.658329] ? __lock_acquire+0x5f7/0x4620 [ 2829.662714] ? find_held_lock+0x35/0x130 [ 2829.667344] ? kvm_vcpu_release+0xa0/0xa0 [ 2829.671486] ? trace_hardirqs_on+0x10/0x10 [ 2829.675937] ? trace_hardirqs_on+0x10/0x10 [ 2829.680269] ? __might_fault+0x110/0x1d0 [ 2829.684339] ? save_trace+0x290/0x290 [ 2829.688149] ? __might_fault+0x110/0x1d0 [ 2829.692469] ? __fget+0x210/0x370 [ 2829.696063] ? find_held_lock+0x35/0x130 [ 2829.700140] ? __fget+0x210/0x370 [ 2829.703616] ? kvm_vcpu_release+0xa0/0xa0 [ 2829.707782] do_vfs_ioctl+0x7ae/0x1060 [ 2829.711691] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2829.716462] ? lock_downgrade+0x740/0x740 [ 2829.721136] ? ioctl_preallocate+0x1c0/0x1c0 [ 2829.725576] ? __fget+0x237/0x370 [ 2829.729022] ? security_file_ioctl+0x89/0xb0 [ 2829.733428] SyS_ioctl+0x8f/0xc0 [ 2829.736803] ? do_vfs_ioctl+0x1060/0x1060 [ 2829.740970] do_syscall_64+0x1e8/0x640 [ 2829.744869] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2829.749729] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2829.754909] RIP: 0033:0x45b399 [ 2829.758103] RSP: 002b:00007f93d8744c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2829.766601] RAX: ffffffffffffffda RBX: 00007f93d87456d4 RCX: 000000000045b399 [ 2829.774243] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2829.781530] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2829.789765] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2829.797033] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2829.830256] lowmem_reserve[]: 0 2569 2569 2569 2569 12:41:19 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2829.852767] Node 0 DMA32 free:27460kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:852kB local_pcp:664kB free_cma:0kB 12:41:20 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2829.972597] lowmem_reserve[]: 0 0 0 0 0 [ 2829.977306] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2830.004608] lowmem_reserve[]: 0 0 0 0 0 [ 2830.021461] Node 1 Normal free:107752kB min:53504kB low:66880kB high:80256kB active_anon:3321652kB inactive_anon:12kB active_file:12176kB inactive_file:20176kB unevictable:0kB writepending:152kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23744kB pagetables:76424kB bounce:0kB free_pcp:1036kB local_pcp:640kB free_cma:0kB [ 2830.052923] lowmem_reserve[]: 0 0 0 0 0 [ 2830.058029] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2830.079044] Node 0 DMA32: 441*4kB (UMEH) 2182*8kB (UMH) 510*16kB (UMEH) 5*32kB (UEH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27540kB [ 2830.099268] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2830.122234] Node 1 Normal: 781*4kB (UM) 631*8kB (UME) 497*16kB (UM) 131*32kB (ME) 83*64kB (UM) 198*128kB (UME) 127*256kB (UME) 40*512kB (UME) 2*1024kB (M) 1*2048kB (M) 0*4096kB = 108060kB [ 2830.140001] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2830.152148] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2830.161523] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2830.171451] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2830.261145] 8343 total pagecache pages [ 2830.382024] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2830.398836] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2830.407306] CPU: 0 PID: 30450 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2830.415232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2830.424595] Call Trace: [ 2830.427192] dump_stack+0x142/0x197 [ 2830.430830] warn_alloc.cold+0x96/0x1af [ 2830.434807] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2830.439670] ? wait_for_completion+0x420/0x420 [ 2830.444275] __alloc_pages_slowpath+0x23c6/0x2930 [ 2830.446982] 0 pages in swap cache [ 2830.449132] ? warn_alloc+0xf0/0xf0 [ 2830.452615] Swap cache stats: add 0, delete 0, find 0/0 [ 2830.456192] ? __might_sleep+0x93/0xb0 [ 2830.456205] __alloc_pages_nodemask+0x62c/0x7a0 [ 2830.461748] Free swap = 0kB [ 2830.465722] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2830.465733] ? retint_kernel+0x2d/0x2d [ 2830.465753] alloc_pages_current+0xec/0x1e0 [ 2830.470474] Total swap = 0kB [ 2830.473422] kvm_mmu_create+0xdf/0x1e0 [ 2830.478469] 1965979 pages RAM [ 2830.482332] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2830.482340] ? kvm_arch_vcpu_init+0x1/0x8e0 [ 2830.482352] kvm_vcpu_init+0x272/0x360 [ 2830.482366] vmx_create_vcpu+0xfc/0x2aa0 [ 2830.486824] 0 pages HighMem/MovableOnly [ 2830.489827] ? mutex_trylock+0x1c0/0x1c0 [ 2830.493746] 335855 pages reserved [ 2830.496825] ? retint_kernel+0x2d/0x2d [ 2830.496844] ? handle_rdmsr+0x6e0/0x6e0 [ 2830.496858] ? wait_for_completion+0x420/0x420 [ 2830.501204] 0 pages cma reserved [ 2830.505760] kvm_arch_vcpu_create+0x8c/0xc0 [ 2830.505774] kvm_vm_ioctl+0x501/0x1600 [ 2830.505788] ? __lock_acquire+0x5f7/0x4620 [ 2830.553791] ? do_futex+0x12b/0x19e0 [ 2830.557554] ? kvm_vcpu_release+0xa0/0xa0 [ 2830.561714] ? retint_kernel+0x2d/0x2d [ 2830.565616] ? trace_hardirqs_on_caller+0x400/0x590 [ 2830.570652] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2830.575422] ? check_preemption_disabled+0x3c/0x250 [ 2830.580474] ? retint_kernel+0x2d/0x2d [ 2830.584382] ? selinux_file_ioctl+0x83/0x560 [ 2830.588806] ? selinux_file_ioctl+0xb8/0x560 [ 2830.593239] ? kvm_vcpu_release+0xa0/0xa0 [ 2830.597396] do_vfs_ioctl+0x7ae/0x1060 [ 2830.601300] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2830.606066] ? lock_downgrade+0x740/0x740 [ 2830.610265] ? ioctl_preallocate+0x1c0/0x1c0 [ 2830.614688] ? __fget+0x237/0x370 [ 2830.618158] ? security_file_ioctl+0x89/0xb0 [ 2830.622580] SyS_ioctl+0x8f/0xc0 [ 2830.625986] ? do_vfs_ioctl+0x1060/0x1060 [ 2830.630157] do_syscall_64+0x1e8/0x640 [ 2830.634056] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2830.638924] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2830.644242] RIP: 0033:0x45b399 [ 2830.647438] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2830.655270] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2830.662572] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2830.669857] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2830.677155] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2830.684441] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c 12:41:20 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:20 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:20 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:20 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2830.827175] warn_alloc_show_mem: 2 callbacks suppressed [ 2830.827276] Mem-Info: [ 2830.857750] active_anon:1302569 inactive_anon:1219 isolated_anon:0 [ 2830.857750] active_file:3098 inactive_file:7656 isolated_file:0 [ 2830.857750] unevictable:0 dirty:44 writeback:0 unstable:0 [ 2830.857750] slab_reclaimable:29779 slab_unreclaimable:108070 [ 2830.857750] mapped:57698 shmem:244 pagetables:33147 bounce:0 [ 2830.857750] free:29183 free_pcp:440 free_cma:0 12:41:21 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2830.944862] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:12kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 12:41:21 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2830.992069] Node 1 active_anon:3323288kB inactive_anon:12kB active_file:12580kB inactive_file:25604kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:20276kB dirty:172kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2831.074666] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2831.304462] lowmem_reserve[]: 0 2569 2569 2569 2569 12:41:21 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:21 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2831.328681] Node 0 DMA32 free:27208kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:12kB inactive_file:4kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:1424kB local_pcp:888kB free_cma:0kB [ 2831.368047] lowmem_reserve[]: 0 0 0 0 0 [ 2831.373068] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2831.414062] lowmem_reserve[]: 0 0 0 0 0 [ 2831.418431] Node 1 Normal free:99048kB min:53504kB low:66880kB high:80256kB active_anon:3323200kB inactive_anon:4kB active_file:12632kB inactive_file:25764kB unevictable:0kB writepending:13716kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23712kB pagetables:76524kB bounce:0kB free_pcp:1388kB local_pcp:732kB free_cma:0kB [ 2831.475028] lowmem_reserve[]: 0 0 0 0 0 [ 2831.485053] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2831.503813] Node 0 DMA32: 392*4kB (UMEH) 2171*8kB (UMH) 509*16kB (UMEH) 4*32kB (UEH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27208kB [ 2831.519805] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2831.534066] Node 1 Normal: 1154*4kB (UME) 765*8kB (UM) 246*16kB (UM) 141*32kB (ME) 78*64kB (UM) 195*128kB (UME) 130*256kB (UME) 40*512kB (UME) 4*1024kB (UM) 1*2048kB (M) 0*4096kB = 109040kB [ 2831.556219] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2831.635282] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2831.658342] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2831.674452] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2831.689884] 9189 total pagecache pages [ 2831.698529] 0 pages in swap cache [ 2831.705981] Swap cache stats: add 0, delete 0, find 0/0 [ 2831.715623] Free swap = 0kB [ 2831.719334] Total swap = 0kB [ 2831.735806] 1965979 pages RAM [ 2831.739751] 0 pages HighMem/MovableOnly [ 2831.746570] 335855 pages reserved [ 2831.775460] 0 pages cma reserved 12:41:21 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:21 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 12:41:22 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:22 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(0x0, 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:22 executing program 4: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2833.079159] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2833.091373] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2833.097416] CPU: 1 PID: 30475 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0 [ 2833.105309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2833.114685] Call Trace: [ 2833.117382] dump_stack+0x142/0x197 [ 2833.121023] warn_alloc.cold+0x96/0x1af [ 2833.125006] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2833.129877] ? wait_for_completion+0x420/0x420 [ 2833.134627] __alloc_pages_slowpath+0x23c6/0x2930 [ 2833.139498] ? warn_alloc+0xf0/0xf0 [ 2833.143151] ? __might_sleep+0x93/0xb0 [ 2833.147053] __alloc_pages_nodemask+0x62c/0x7a0 [ 2833.151734] ? rcu_read_lock_sched_held+0x110/0x130 [ 2833.156763] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2833.161807] alloc_pages_current+0xec/0x1e0 [ 2833.166142] kvm_mmu_create+0xdf/0x1e0 [ 2833.170035] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2833.174363] kvm_vcpu_init+0x272/0x360 [ 2833.178300] vmx_create_vcpu+0xfc/0x2aa0 [ 2833.182395] ? mutex_trylock+0x1c0/0x1c0 [ 2833.186478] ? retint_kernel+0x2d/0x2d [ 2833.190385] ? handle_rdmsr+0x6e0/0x6e0 [ 2833.194379] ? wait_for_completion+0x420/0x420 [ 2833.198983] kvm_arch_vcpu_create+0x8c/0xc0 [ 2833.203449] kvm_vm_ioctl+0x501/0x1600 [ 2833.207384] ? __lock_acquire+0x5f7/0x4620 [ 2833.211635] ? kvm_vcpu_release+0xa0/0xa0 [ 2833.215787] ? trace_hardirqs_on+0x10/0x10 [ 2833.220046] ? trace_hardirqs_on+0x10/0x10 [ 2833.224286] ? __might_fault+0x110/0x1d0 [ 2833.228484] ? save_trace+0x290/0x290 [ 2833.232299] ? trace_hardirqs_on_caller+0x400/0x590 [ 2833.237346] ? __fget+0x210/0x370 [ 2833.240813] ? find_held_lock+0x35/0x130 [ 2833.244880] ? __fget+0x210/0x370 [ 2833.248369] ? kvm_vcpu_release+0xa0/0xa0 [ 2833.252531] do_vfs_ioctl+0x7ae/0x1060 [ 2833.256426] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2833.261196] ? lock_downgrade+0x740/0x740 [ 2833.265360] ? ioctl_preallocate+0x1c0/0x1c0 [ 2833.269814] ? __fget+0x237/0x370 [ 2833.269827] syz-executor.2: [ 2833.273286] ? security_file_ioctl+0x89/0xb0 [ 2833.273300] SyS_ioctl+0x8f/0xc0 [ 2833.273309] ? do_vfs_ioctl+0x1060/0x1060 [ 2833.273321] do_syscall_64+0x1e8/0x640 [ 2833.273330] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2833.273349] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2833.273357] RIP: 0033:0x45b399 [ 2833.273362] RSP: 002b:00007f59c5343c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2833.273372] RAX: ffffffffffffffda RBX: 00007f59c53446d4 RCX: 000000000045b399 [ 2833.273378] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2833.273383] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2833.273389] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2833.273395] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2833.306916] Mem-Info: [ 2833.322008] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2833.322088] syz-executor.2 cpuset=syz2 [ 2833.329827] active_anon:1298789 inactive_anon:1219 isolated_anon:0 [ 2833.329827] active_file:3162 inactive_file:2188 isolated_file:0 [ 2833.329827] unevictable:0 dirty:3 writeback:0 unstable:0 [ 2833.329827] slab_reclaimable:29839 slab_unreclaimable:107643 [ 2833.329827] mapped:56346 shmem:244 pagetables:33138 bounce:0 [ 2833.329827] free:39230 free_pcp:121 free_cma:0 [ 2833.338923] mems_allowed=0-1 [ 2833.349394] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:12kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2833.352876] CPU: 0 PID: 30482 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2833.354993] Node 1 active_anon:3324368kB inactive_anon:12kB active_file:12636kB inactive_file:8748kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16468kB dirty:8kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2833.363842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2833.363849] Call Trace: [ 2833.363870] dump_stack+0x142/0x197 [ 2833.363884] warn_alloc.cold+0x96/0x1af [ 2833.363892] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2833.363903] ? retint_kernel+0x2d/0x2d [ 2833.363918] ? warn_alloc+0xb/0xf0 [ 2833.363930] __alloc_pages_slowpath+0x23c6/0x2930 [ 2833.363940] ? check_preemption_disabled+0x3c/0x250 [ 2833.363962] ? warn_alloc+0xf0/0xf0 [ 2833.363982] ? __might_sleep+0x93/0xb0 [ 2833.364076] __alloc_pages_nodemask+0x62c/0x7a0 [ 2833.364102] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2833.364119] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2833.364128] ? check_preemption_disabled+0x3c/0x250 [ 2833.364148] alloc_pages_current+0xec/0x1e0 [ 2833.364159] ? __sanitizer_cov_trace_pc+0x41/0x60 [ 2833.364173] kvm_mmu_create+0xdf/0x1e0 [ 2833.364192] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2833.364206] kvm_vcpu_init+0x272/0x360 [ 2833.364220] vmx_create_vcpu+0xfc/0x2aa0 [ 2833.364231] ? mutex_trylock+0x1c0/0x1c0 [ 2833.364250] ? handle_rdmsr+0x6e0/0x6e0 [ 2833.364261] ? wait_for_completion+0x420/0x420 [ 2833.364275] kvm_arch_vcpu_create+0x8c/0xc0 [ 2833.364288] kvm_vm_ioctl+0x501/0x1600 [ 2833.364300] ? __lock_acquire+0x5f7/0x4620 [ 2833.364314] ? kvm_vcpu_release+0xa0/0xa0 [ 2833.364324] ? retint_kernel+0x2d/0x2d [ 2833.364336] ? trace_hardirqs_on_caller+0x400/0x590 [ 2833.364348] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2833.364360] ? check_preemption_disabled+0x3c/0x250 [ 2833.364369] ? retint_kernel+0x2d/0x2d [ 2833.364389] ? selinux_file_ioctl+0x30a/0x560 [ 2833.368694] Node 0 [ 2833.402105] ? selinux_file_ioctl+0x33d/0x560 [ 2833.402119] ? kvm_vcpu_release+0xa0/0xa0 [ 2833.402130] do_vfs_ioctl+0x7ae/0x1060 [ 2833.402142] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2833.402152] ? lock_downgrade+0x740/0x740 [ 2833.402162] ? ioctl_preallocate+0x1c0/0x1c0 [ 2833.402174] ? __fget+0x237/0x370 [ 2833.402191] ? security_file_ioctl+0x89/0xb0 [ 2833.402207] SyS_ioctl+0x8f/0xc0 [ 2833.405712] DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2833.432818] ? do_vfs_ioctl+0x1060/0x1060 [ 2833.432832] do_syscall_64+0x1e8/0x640 [ 2833.432841] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2833.432858] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2833.432865] RIP: 0033:0x45b399 [ 2833.432870] RSP: 002b:00007fdd1026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2833.432880] RAX: ffffffffffffffda RBX: 00007fdd1026e6d4 RCX: 000000000045b399 [ 2833.432885] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2833.432890] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2833.432896] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2833.432902] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2833.698803] syz-executor.5: [ 2833.699869] lowmem_reserve[]: [ 2833.706355] page allocation failure: order:0 [ 2833.709841] 0 [ 2833.715221] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 2833.721184] 2569 [ 2833.733047] (null) [ 2833.736221] 2569 [ 2833.744863] syz-executor.5 cpuset= [ 2833.750769] 2569 [ 2833.762282] syz5 [ 2833.764721] 2569 [ 2833.769355] mems_allowed=0-1 [ 2833.778584] CPU: 0 PID: 30517 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2833.779201] Node 0 [ 2833.781145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2833.781150] Call Trace: [ 2833.781170] dump_stack+0x142/0x197 [ 2833.781184] warn_alloc.cold+0x96/0x1af [ 2833.781193] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2833.781213] ? wait_for_completion+0x420/0x420 [ 2833.781228] __alloc_pages_slowpath+0x23c6/0x2930 [ 2833.781251] ? warn_alloc+0xf0/0xf0 [ 2833.783622] DMA32 free:29520kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:12kB inactive_file:4kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:336kB local_pcp:0kB free_cma:0kB [ 2833.786874] ? __might_sleep+0x93/0xb0 [ 2833.786889] __alloc_pages_nodemask+0x62c/0x7a0 [ 2833.786902] ? rcu_read_lock_sched_held+0x110/0x130 [ 2833.786914] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2833.786941] alloc_pages_current+0xec/0x1e0 [ 2833.789253] lowmem_reserve[]: [ 2833.791031] kvm_mmu_create+0xdf/0x1e0 [ 2833.791045] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2833.791053] ? alloc_pages_current+0x1/0x1e0 [ 2833.791065] kvm_vcpu_init+0x272/0x360 [ 2833.791079] vmx_create_vcpu+0xfc/0x2aa0 [ 2833.791090] ? mutex_trylock+0x1c0/0x1c0 [ 2833.791107] ? handle_rdmsr+0x6e0/0x6e0 12:41:24 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:24 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(0x0, 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2833.791121] ? wait_for_completion+0x420/0x420 [ 2833.793688] 0 [ 2833.796306] kvm_arch_vcpu_create+0x8c/0xc0 [ 2833.796320] kvm_vm_ioctl+0x501/0x1600 [ 2833.796332] ? __lock_acquire+0x5f7/0x4620 [ 2833.796340] ? find_held_lock+0x35/0x130 [ 2833.796352] ? kvm_vcpu_release+0xa0/0xa0 [ 2833.796362] ? trace_hardirqs_on+0x10/0x10 [ 2833.796377] ? trace_hardirqs_on+0x10/0x10 [ 2833.796386] ? __might_fault+0x110/0x1d0 [ 2833.796396] ? save_trace+0x290/0x290 [ 2833.796404] ? __might_fault+0x110/0x1d0 [ 2833.796419] ? __fget+0x210/0x370 [ 2833.804623] 0 [ 2833.806564] ? retint_kernel+0x2d/0x2d [ 2833.806582] ? kvm_vcpu_release+0xa0/0xa0 [ 2833.806594] do_vfs_ioctl+0x7ae/0x1060 [ 2833.806607] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2833.806617] ? check_preemption_disabled+0x3c/0x250 [ 2833.806628] ? ioctl_preallocate+0x1c0/0x1c0 [ 2833.806647] ? security_file_ioctl+0x89/0xb0 [ 2833.816537] 0 [ 2833.818595] SyS_ioctl+0x8f/0xc0 [ 2833.818607] ? do_vfs_ioctl+0x1060/0x1060 [ 2833.818619] do_syscall_64+0x1e8/0x640 [ 2833.818629] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2833.818647] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2833.818657] RIP: 0033:0x45b399 [ 2833.822578] 0 [ 2833.826268] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2833.826278] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2833.826283] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2833.826288] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2833.826293] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2833.826299] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2834.090348] 0 [ 2834.092341] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2834.118015] lowmem_reserve[]: 0 0 0 0 0 [ 2834.122081] Node 1 Normal free:116320kB min:53504kB low:66880kB high:80256kB active_anon:3324328kB inactive_anon:12kB active_file:12636kB inactive_file:8716kB unevictable:0kB writepending:208kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23584kB pagetables:76404kB bounce:0kB free_pcp:556kB local_pcp:244kB free_cma:0kB [ 2834.152419] lowmem_reserve[]: 0 0 0 0 0 [ 2834.156608] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2834.172862] Node 0 DMA32: 516*4kB (UMEH) 2281*8kB (UMEH) 557*16kB (UMEH) 13*32kB (UEH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29640kB [ 2834.187126] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2834.198119] Node 1 Normal: 1446*4kB (UM) 908*8kB (UM) 563*16kB (UME) 180*32kB (UME) 97*64kB (UME) 178*128kB (UME) 130*256kB (UME) 40*512kB (UME) 4*1024kB (UM) 1*2048kB (M) 0*4096kB = 116712kB [ 2834.224584] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2834.247394] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2834.256246] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2834.265335] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2834.274070] 5586 total pagecache pages [ 2834.277995] 0 pages in swap cache [ 2834.281861] Swap cache stats: add 0, delete 0, find 0/0 [ 2834.287262] Free swap = 0kB [ 2834.290424] Total swap = 0kB [ 2834.293463] 1965979 pages RAM 12:41:24 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:24 executing program 4: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:24 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:24 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 12:41:24 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(0x0, 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2834.297113] 0 pages HighMem/MovableOnly [ 2834.301282] 335855 pages reserved [ 2834.304737] 0 pages cma reserved [ 2834.389367] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2834.437398] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2834.448809] CPU: 1 PID: 30549 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2834.456741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2834.466129] Call Trace: [ 2834.468839] dump_stack+0x142/0x197 [ 2834.472503] warn_alloc.cold+0x96/0x1af [ 2834.476493] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2834.481356] ? wait_for_completion+0x420/0x420 [ 2834.486173] __alloc_pages_slowpath+0x23c6/0x2930 [ 2834.491045] ? warn_alloc+0xf0/0xf0 [ 2834.494715] ? __might_sleep+0x93/0xb0 [ 2834.498612] __alloc_pages_nodemask+0x62c/0x7a0 [ 2834.503304] ? rcu_read_lock_sched_held+0x110/0x130 [ 2834.508369] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2834.513413] alloc_pages_current+0xec/0x1e0 [ 2834.519326] kvm_mmu_create+0xdf/0x1e0 [ 2834.523365] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2834.527717] kvm_vcpu_init+0x272/0x360 [ 2834.531624] vmx_create_vcpu+0xfc/0x2aa0 [ 2834.535704] ? mutex_trylock+0x1c0/0x1c0 [ 2834.539792] ? handle_rdmsr+0x6e0/0x6e0 [ 2834.543794] ? wait_for_completion+0x420/0x420 [ 2834.548398] kvm_arch_vcpu_create+0x8c/0xc0 [ 2834.552744] kvm_vm_ioctl+0x501/0x1600 [ 2834.556655] ? __lock_acquire+0x5f7/0x4620 [ 2834.560913] ? kvm_vcpu_release+0xa0/0xa0 [ 2834.565103] ? retint_kernel+0x2d/0x2d [ 2834.569012] ? trace_hardirqs_on_caller+0x400/0x590 [ 2834.574053] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2834.578833] ? check_preemption_disabled+0x3c/0x250 [ 2834.583866] ? retint_kernel+0x2d/0x2d [ 2834.587781] ? selinux_file_ioctl+0x19a/0x560 [ 2834.592302] ? selinux_file_ioctl+0x1ca/0x560 [ 2834.596984] ? kvm_vcpu_release+0xa0/0xa0 [ 2834.601152] do_vfs_ioctl+0x7ae/0x1060 [ 2834.605060] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2834.609831] ? lock_downgrade+0x740/0x740 [ 2834.614122] ? ioctl_preallocate+0x1c0/0x1c0 [ 2834.618555] ? __fget+0x237/0x370 [ 2834.622033] ? security_file_ioctl+0x89/0xb0 [ 2834.626459] SyS_ioctl+0x8f/0xc0 [ 2834.629844] ? do_vfs_ioctl+0x1060/0x1060 [ 2834.634018] do_syscall_64+0x1e8/0x640 [ 2834.637920] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2834.642796] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2834.648005] RIP: 0033:0x45b399 [ 2834.651199] RSP: 002b:00007fdd1026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2834.658920] RAX: ffffffffffffffda RBX: 00007fdd1026e6d4 RCX: 000000000045b399 [ 2834.666305] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2834.673590] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2834.680874] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2834.688269] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2834.714907] warn_alloc_show_mem: 2 callbacks suppressed [ 2834.714948] Mem-Info: [ 2834.728958] active_anon:1299118 inactive_anon:1219 isolated_anon:0 12:41:24 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2834.728958] active_file:3160 inactive_file:5381 isolated_file:3 [ 2834.728958] unevictable:0 dirty:3258 writeback:0 unstable:0 [ 2834.728958] slab_reclaimable:29591 slab_unreclaimable:107908 [ 2834.728958] mapped:56346 shmem:244 pagetables:33204 bounce:0 [ 2834.728958] free:35211 free_pcp:352 free_cma:0 [ 2834.887083] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:2104kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):12kB mapped:208916kB dirty:2204kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2834.932920] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2834.955473] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 2834.968112] CPU: 0 PID: 30560 Comm: syz-executor.3 Not tainted 4.14.169-syzkaller #0 [ 2834.976156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2834.985518] Call Trace: [ 2834.988130] dump_stack+0x142/0x197 [ 2834.991866] warn_alloc.cold+0x96/0x1af [ 2834.995854] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2835.000716] ? wait_for_completion+0x420/0x420 [ 2835.005341] __alloc_pages_slowpath+0x23c6/0x2930 [ 2835.010228] ? warn_alloc+0xf0/0xf0 [ 2835.013882] ? __might_sleep+0x93/0xb0 [ 2835.017787] __alloc_pages_nodemask+0x62c/0x7a0 [ 2835.019128] Node 1 active_anon:3328284kB inactive_anon:12kB active_file:12636kB inactive_file:10724kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16468kB dirty:2228kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2835.022601] ? rcu_read_lock_sched_held+0x110/0x130 [ 2835.022614] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2835.022630] ? check_preemption_disabled+0x3c/0x250 [ 2835.022646] alloc_pages_current+0xec/0x1e0 [ 2835.022661] kvm_mmu_create+0xdf/0x1e0 [ 2835.022675] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2835.022693] kvm_vcpu_init+0x272/0x360 [ 2835.083134] vmx_create_vcpu+0xfc/0x2aa0 [ 2835.087215] ? mutex_trylock+0x1c0/0x1c0 [ 2835.091416] ? drop_futex_key_refs.isra.0+0x12/0xb0 [ 2835.096456] ? handle_rdmsr+0x6e0/0x6e0 [ 2835.100563] ? wait_for_completion+0x420/0x420 [ 2835.105176] kvm_arch_vcpu_create+0x8c/0xc0 [ 2835.109519] kvm_vm_ioctl+0x501/0x1600 [ 2835.113436] ? __lock_acquire+0x5f7/0x4620 [ 2835.117688] ? find_held_lock+0x35/0x130 [ 2835.121898] ? kvm_vcpu_release+0xa0/0xa0 [ 2835.126073] ? retint_kernel+0x2d/0x2d [ 2835.129979] ? trace_hardirqs_on_caller+0x400/0x590 [ 2835.135152] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2835.139938] ? check_preemption_disabled+0x3c/0x250 [ 2835.144978] ? retint_kernel+0x2d/0x2d [ 2835.148895] ? selinux_file_ioctl+0x24a/0x560 [ 2835.153415] ? kvm_vcpu_release+0xa0/0xa0 [ 2835.157590] do_vfs_ioctl+0x7ae/0x1060 [ 2835.161502] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2835.166365] ? lock_downgrade+0x740/0x740 [ 2835.170534] ? ioctl_preallocate+0x1c0/0x1c0 [ 2835.172599] Node 0 [ 2835.174956] ? __fget+0x237/0x370 [ 2835.174975] ? security_file_ioctl+0x89/0xb0 [ 2835.174991] SyS_ioctl+0x8f/0xc0 [ 2835.175002] ? do_vfs_ioctl+0x1060/0x1060 [ 2835.175015] do_syscall_64+0x1e8/0x640 [ 2835.175027] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2835.187557] DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2835.188484] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2835.188493] RIP: 0033:0x45b399 [ 2835.188499] RSP: 002b:00007f93d8744c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2835.188511] RAX: ffffffffffffffda RBX: 00007f93d87456d4 RCX: 000000000045b399 [ 2835.188517] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 2835.188523] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2835.188527] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2835.188535] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2835.285684] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2835.311649] Node 0 DMA32 free:29028kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:16kB inactive_file:0kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:1504kB local_pcp:624kB free_cma:0kB [ 2835.357925] lowmem_reserve[]: 0 0 0 0 0 [ 2835.363931] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2835.395377] lowmem_reserve[]: 0 0 0 0 0 12:41:25 executing program 4: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2835.399944] Node 1 Normal free:111176kB min:53504kB low:66880kB high:80256kB active_anon:3325848kB inactive_anon:12kB active_file:12640kB inactive_file:10216kB unevictable:0kB writepending:1708kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23904kB pagetables:76860kB bounce:0kB free_pcp:820kB local_pcp:740kB free_cma:0kB 12:41:25 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2835.657304] lowmem_reserve[]: 0 0 0 0 0 [ 2835.666524] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2835.696583] Node 0 DMA32: 99*4kB (UH) 2220*8kB (UEH) 554*16kB (UEH) 9*32kB (UH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27308kB [ 2835.710265] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2835.723510] Node 1 Normal: 263*4kB (M) 16*8kB (UM) 206*16kB (UM) 164*32kB (ME) 97*64kB (UME) 169*128kB (UME) 131*256kB (UME) 40*512kB (UME) 4*1024kB (UM) 1*2048kB (M) 0*4096kB = 97724kB [ 2835.748514] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2835.757627] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2835.766472] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2835.775555] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2835.788919] 9682 total pagecache pages [ 2835.793836] 0 pages in swap cache [ 2835.797448] Swap cache stats: add 0, delete 0, find 0/0 12:41:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2835.806438] Free swap = 0kB [ 2835.809630] Total swap = 0kB [ 2835.813765] 1965979 pages RAM [ 2835.817181] 0 pages HighMem/MovableOnly [ 2835.827154] 335855 pages reserved [ 2835.834666] 0 pages cma reserved 12:41:26 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:26 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2836.012249] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2836.058062] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2836.085830] CPU: 0 PID: 30564 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0 [ 2836.093783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2836.103146] Call Trace: [ 2836.105752] dump_stack+0x142/0x197 [ 2836.109392] warn_alloc.cold+0x96/0x1af [ 2836.113398] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2836.118271] ? wait_for_completion+0x420/0x420 [ 2836.122899] __alloc_pages_slowpath+0x23c6/0x2930 [ 2836.127754] ? check_preemption_disabled+0x3c/0x250 [ 2836.132950] ? warn_alloc+0xf0/0xf0 [ 2836.136610] ? __might_sleep+0x93/0xb0 [ 2836.140516] __alloc_pages_nodemask+0x62c/0x7a0 [ 2836.145313] ? rcu_read_lock_sched_held+0x110/0x130 [ 2836.150349] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2836.155457] alloc_pages_current+0xec/0x1e0 [ 2836.159806] kvm_mmu_create+0xdf/0x1e0 [ 2836.163715] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2836.168050] ? kvm_arch_vcpu_init+0x1/0x8e0 [ 2836.172385] kvm_vcpu_init+0x272/0x360 [ 2836.176291] vmx_create_vcpu+0xfc/0x2aa0 [ 2836.180371] ? check_preemption_disabled+0x3c/0x250 [ 2836.185415] ? retint_kernel+0x2d/0x2d [ 2836.189326] ? handle_rdmsr+0x6e0/0x6e0 [ 2836.193326] kvm_arch_vcpu_create+0x8c/0xc0 [ 2836.197663] kvm_vm_ioctl+0x501/0x1600 [ 2836.201749] ? __lock_acquire+0x5f7/0x4620 [ 2836.206191] ? kvm_vcpu_release+0xa0/0xa0 [ 2836.210958] ? retint_kernel+0x2d/0x2d [ 2836.214863] ? retint_kernel+0x2d/0x2d [ 2836.218765] ? trace_hardirqs_on_caller+0x400/0x590 [ 2836.223797] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2836.228575] ? check_preemption_disabled+0x3c/0x250 [ 2836.233603] ? retint_kernel+0x2d/0x2d [ 2836.237511] ? do_vfs_ioctl+0x74f/0x1060 [ 2836.241717] ? kvm_vcpu_release+0xa0/0xa0 [ 2836.245875] do_vfs_ioctl+0x7ae/0x1060 [ 2836.249779] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2836.254548] ? lock_downgrade+0x740/0x740 [ 2836.258714] ? ioctl_preallocate+0x1c0/0x1c0 [ 2836.263139] ? __fget+0x237/0x370 [ 2836.266615] ? security_file_ioctl+0x89/0xb0 [ 2836.271041] SyS_ioctl+0x8f/0xc0 [ 2836.274507] ? do_vfs_ioctl+0x1060/0x1060 [ 2836.278759] do_syscall_64+0x1e8/0x640 [ 2836.282692] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2836.287554] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2836.292909] RIP: 0033:0x45b399 [ 2836.296105] RSP: 002b:00007f59c5343c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2836.303930] RAX: ffffffffffffffda RBX: 00007f59c53446d4 RCX: 000000000045b399 [ 2836.311212] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2836.318518] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2836.325829] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2836.333223] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c 12:41:26 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2836.494480] warn_alloc_show_mem: 1 callbacks suppressed [ 2836.494509] Mem-Info: [ 2836.503764] active_anon:1302259 inactive_anon:1219 isolated_anon:0 [ 2836.503764] active_file:3164 inactive_file:4454 isolated_file:0 [ 2836.503764] unevictable:0 dirty:649 writeback:579 unstable:0 [ 2836.503764] slab_reclaimable:29463 slab_unreclaimable:108100 [ 2836.503764] mapped:56346 shmem:244 pagetables:33223 bounce:0 [ 2836.503764] free:32625 free_pcp:633 free_cma:0 [ 2836.780550] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:16kB inactive_file:3000kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:3004kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2836.813805] Node 1 active_anon:3327348kB inactive_anon:12kB active_file:12640kB inactive_file:22716kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16568kB dirty:5992kB writeback:16kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2836.842418] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2836.877278] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2836.882778] Node 0 DMA32 free:27184kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:16kB inactive_file:3000kB unevictable:0kB writepending:3112kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:1484kB local_pcp:780kB free_cma:0kB [ 2836.930982] lowmem_reserve[]: 0 0 0 0 0 [ 2836.935326] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2836.971186] lowmem_reserve[]: 0 0 0 0 0 [ 2836.975778] Node 1 Normal free:101312kB min:53504kB low:66880kB high:80256kB active_anon:3327348kB inactive_anon:12kB active_file:12640kB inactive_file:16616kB unevictable:0kB writepending:1856kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23744kB pagetables:76712kB bounce:0kB free_pcp:944kB local_pcp:304kB free_cma:0kB [ 2837.008783] lowmem_reserve[]: 0 0 0 0 0 [ 2837.013137] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2837.029760] Node 0 DMA32: 555*4kB (UMH) 2314*8kB (UMH) 591*16kB (UMEH) 17*32kB (UH) 1*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 30796kB [ 2837.044334] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2837.056027] Node 1 Normal: 639*4kB (UME) 873*8kB (UM) 461*16kB (ME) 127*32kB (UM) 64*64kB (UM) 156*128kB (UME) 131*256kB (UME) 40*512kB (UME) 4*1024kB (UM) 1*2048kB (M) 0*4096kB = 105204kB [ 2837.073413] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2837.082637] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2837.091325] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2837.100813] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2837.109405] 5666 total pagecache pages [ 2837.113805] 0 pages in swap cache [ 2837.117430] Swap cache stats: add 0, delete 0, find 0/0 [ 2837.123184] Free swap = 0kB [ 2837.126232] Total swap = 0kB [ 2837.129255] 1965979 pages RAM 12:41:27 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:27 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2837.132841] 0 pages HighMem/MovableOnly [ 2837.136830] 335855 pages reserved [ 2837.140644] 0 pages cma reserved [ 2837.305486] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2837.316676] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2837.322998] CPU: 1 PID: 30623 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0 [ 2837.331011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2837.340374] Call Trace: [ 2837.342976] dump_stack+0x142/0x197 [ 2837.346754] warn_alloc.cold+0x96/0x1af [ 2837.350741] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2837.355695] ? check_preemption_disabled+0x3c/0x250 [ 2837.360723] ? retint_kernel+0x2d/0x2d [ 2837.364718] __alloc_pages_slowpath+0x23c6/0x2930 [ 2837.369589] ? warn_alloc+0xf0/0xf0 [ 2837.373235] ? __might_sleep+0x93/0xb0 [ 2837.377137] __alloc_pages_nodemask+0x62c/0x7a0 [ 2837.381816] ? rcu_read_lock_sched_held+0x110/0x130 [ 2837.386841] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2837.391878] alloc_pages_current+0xec/0x1e0 [ 2837.396221] kvm_mmu_create+0xdf/0x1e0 [ 2837.400132] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2837.404594] kvm_vcpu_init+0x272/0x360 [ 2837.408505] vmx_create_vcpu+0xfc/0x2aa0 [ 2837.412584] ? check_preemption_disabled+0x3c/0x250 [ 2837.417624] ? retint_kernel+0x2d/0x2d [ 2837.421537] ? handle_rdmsr+0x6e0/0x6e0 [ 2837.425525] ? kvm_arch_vcpu_create+0x61/0xc0 [ 2837.430039] ? __sanitizer_cov_trace_pc+0x3e/0x60 [ 2837.434904] kvm_arch_vcpu_create+0x8c/0xc0 [ 2837.439249] kvm_vm_ioctl+0x501/0x1600 [ 2837.443154] ? __lock_acquire+0x5f7/0x4620 [ 2837.447516] ? mark_held_locks+0xb1/0x100 [ 2837.451696] ? kvm_vcpu_release+0xa0/0xa0 [ 2837.455372] syz-executor.5: [ 2837.455846] ? retint_kernel+0x2d/0x2d [ 2837.455863] ? trace_hardirqs_on_caller+0x400/0x590 [ 2837.459730] page allocation failure: order:0 [ 2837.462796] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2837.462809] ? check_preemption_disabled+0x3c/0x250 [ 2837.462820] ? retint_kernel+0x2d/0x2d [ 2837.462839] ? selinux_file_ioctl+0x24a/0x560 [ 2837.462853] ? kvm_vcpu_release+0xa0/0xa0 [ 2837.462866] do_vfs_ioctl+0x7ae/0x1060 [ 2837.462878] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2837.462889] ? lock_downgrade+0x740/0x740 [ 2837.462900] ? ioctl_preallocate+0x1c0/0x1c0 [ 2837.462912] ? __fget+0x237/0x370 [ 2837.462927] ? security_file_ioctl+0x89/0xb0 [ 2837.462939] SyS_ioctl+0x8f/0xc0 [ 2837.462949] ? do_vfs_ioctl+0x1060/0x1060 [ 2837.462961] do_syscall_64+0x1e8/0x640 [ 2837.462971] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2837.462986] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2837.462995] RIP: 0033:0x45b399 [ 2837.463000] RSP: 002b:00007f59c5343c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2837.463011] RAX: ffffffffffffffda RBX: 00007f59c53446d4 RCX: 000000000045b399 [ 2837.463017] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2837.463029] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2837.463035] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2837.463041] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2837.719463] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2837.730678] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2837.736116] CPU: 1 PID: 30602 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2837.744103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2837.753470] Call Trace: [ 2837.756073] dump_stack+0x142/0x197 [ 2837.759720] warn_alloc.cold+0x96/0x1af [ 2837.763727] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2837.768631] ? wait_for_completion+0x420/0x420 [ 2837.773237] __alloc_pages_slowpath+0x23c6/0x2930 [ 2837.778102] ? trace_hardirqs_on_caller+0x400/0x590 [ 2837.783144] ? retint_kernel+0x2d/0x2d [ 2837.787061] ? warn_alloc+0xf0/0xf0 [ 2837.790712] ? __might_sleep+0x93/0xb0 [ 2837.794616] __alloc_pages_nodemask+0x62c/0x7a0 [ 2837.799317] ? rcu_read_lock_sched_held+0x110/0x130 [ 2837.804351] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2837.809397] alloc_pages_current+0xec/0x1e0 [ 2837.813889] kvm_mmu_create+0xdf/0x1e0 [ 2837.817801] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2837.822142] kvm_vcpu_init+0x272/0x360 [ 2837.826049] vmx_create_vcpu+0xfc/0x2aa0 [ 2837.830253] ? mutex_trylock+0x1c0/0x1c0 [ 2837.834336] ? handle_rdmsr+0x6e0/0x6e0 [ 2837.838341] ? wait_for_completion+0x420/0x420 [ 2837.842947] kvm_arch_vcpu_create+0x8c/0xc0 [ 2837.847413] kvm_vm_ioctl+0x501/0x1600 [ 2837.851313] ? __lock_acquire+0x5f7/0x4620 [ 2837.855665] ? find_held_lock+0x35/0x130 [ 2837.859744] ? kvm_vcpu_release+0xa0/0xa0 [ 2837.863901] ? trace_hardirqs_on+0x10/0x10 [ 2837.868147] ? retint_kernel+0x2d/0x2d [ 2837.872050] ? trace_hardirqs_on_caller+0x400/0x590 [ 2837.877083] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2837.881854] ? check_preemption_disabled+0x3c/0x250 [ 2837.886884] ? retint_kernel+0x2d/0x2d [ 2837.890902] ? kvm_vcpu_release+0xa0/0xa0 [ 2837.895096] ? kvm_vcpu_release+0xa0/0xa0 [ 2837.899264] do_vfs_ioctl+0x7ae/0x1060 [ 2837.903167] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2837.907946] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2837.912809] ? ioctl_preallocate+0x1c0/0x1c0 [ 2837.917252] ? check_preemption_disabled+0x3c/0x250 [ 2837.922284] ? retint_kernel+0x2d/0x2d [ 2837.926197] ? security_file_ioctl+0x89/0xb0 [ 2837.930712] SyS_ioctl+0x8f/0xc0 [ 2837.934251] ? do_vfs_ioctl+0x1060/0x1060 [ 2837.938419] do_syscall_64+0x1e8/0x640 [ 2837.942432] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2837.947302] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2837.952509] RIP: 0033:0x45b399 [ 2837.955812] RSP: 002b:00007fdd1026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2837.963534] RAX: ffffffffffffffda RBX: 00007fdd1026e6d4 RCX: 000000000045b399 [ 2837.971074] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2837.978361] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2837.985750] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2837.993074] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2838.017608] Mem-Info: [ 2838.021051] active_anon:1299615 inactive_anon:1219 isolated_anon:0 [ 2838.021051] active_file:3164 inactive_file:2200 isolated_file:0 [ 2838.021051] unevictable:0 dirty:50 writeback:0 unstable:0 [ 2838.021051] slab_reclaimable:29426 slab_unreclaimable:108003 [ 2838.021051] mapped:56346 shmem:244 pagetables:33264 bounce:0 [ 2838.021051] free:37593 free_pcp:738 free_cma:0 [ 2838.055916] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:12kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2838.069197] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 2838.090721] Node 1 active_anon:3327656kB inactive_anon:12kB active_file:12700kB inactive_file:8812kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16500kB dirty:236kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2838.094340] (null) [ 2838.097062] Node 0 [ 2838.124883] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2838.131539] DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2838.135420] CPU: 0 PID: 30562 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2838.162374] lowmem_reserve[]: [ 2838.168867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2838.168873] Call Trace: [ 2838.168895] dump_stack+0x142/0x197 [ 2838.168909] warn_alloc.cold+0x96/0x1af [ 2838.168917] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2838.168929] ? __mutex_unlock_slowpath+0x281/0x800 [ 2838.168945] ? wait_for_completion+0x420/0x420 [ 2838.168960] __alloc_pages_slowpath+0x23c6/0x2930 [ 2838.168982] ? warn_alloc+0xf0/0xf0 [ 2838.172507] 0 [ 2838.181504] ? __might_sleep+0x93/0xb0 [ 2838.181520] __alloc_pages_nodemask+0x62c/0x7a0 [ 2838.181532] ? rcu_read_lock_sched_held+0x110/0x130 [ 2838.181543] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2838.181556] ? check_preemption_disabled+0x3c/0x250 [ 2838.181571] alloc_pages_current+0xec/0x1e0 [ 2838.181585] kvm_mmu_create+0xdf/0x1e0 [ 2838.181605] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2838.181622] kvm_vcpu_init+0x272/0x360 [ 2838.181639] vmx_create_vcpu+0xfc/0x2aa0 [ 2838.185561] 2569 [ 2838.188018] ? mutex_trylock+0x1c0/0x1c0 [ 2838.188041] ? handle_rdmsr+0x6e0/0x6e0 [ 2838.188057] ? wait_for_completion+0x420/0x420 [ 2838.192371] 2569 [ 2838.196995] kvm_arch_vcpu_create+0x8c/0xc0 [ 2838.197010] kvm_vm_ioctl+0x501/0x1600 [ 2838.197022] ? __lock_acquire+0x5f7/0x4620 [ 2838.197030] ? mark_held_locks+0xb1/0x100 [ 2838.197041] ? kvm_vcpu_release+0xa0/0xa0 [ 2838.197050] ? trace_hardirqs_on+0x10/0x10 [ 2838.197065] ? trace_hardirqs_on+0x10/0x10 [ 2838.197075] ? __might_fault+0x110/0x1d0 [ 2838.197085] ? save_trace+0x290/0x290 12:41:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:28 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:28 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:28 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2838.197102] ? trace_hardirqs_on_caller+0x400/0x590 [ 2838.204498] 2569 [ 2838.206628] ? __fget+0x210/0x370 [ 2838.206642] ? retint_kernel+0x2d/0x2d [ 2838.206658] ? kvm_vcpu_release+0xa0/0xa0 [ 2838.206669] do_vfs_ioctl+0x7ae/0x1060 [ 2838.206684] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2838.211867] 2569 [ 2838.215166] ? check_preemption_disabled+0x3c/0x250 [ 2838.215181] ? ioctl_preallocate+0x1c0/0x1c0 [ 2838.215204] ? security_file_ioctl+0x89/0xb0 [ 2838.215217] SyS_ioctl+0x8f/0xc0 [ 2838.215229] ? do_vfs_ioctl+0x1060/0x1060 [ 2838.221796] do_syscall_64+0x1e8/0x640 [ 2838.221809] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2838.221826] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2838.221834] RIP: 0033:0x45b399 [ 2838.221839] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2838.221849] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2838.221854] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2838.221860] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 12:41:28 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 2838.221866] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2838.221871] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2838.441729] Node 0 DMA32 free:30700kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:16kB inactive_file:0kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:1620kB local_pcp:952kB free_cma:0kB [ 2838.510067] lowmem_reserve[]: 0 0 0 0 0 [ 2838.514252] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2838.541763] lowmem_reserve[]: 0 0 0 0 0 12:41:28 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2838.545828] Node 1 Normal free:107684kB min:53504kB low:66880kB high:80256kB active_anon:3327820kB inactive_anon:12kB active_file:12904kB inactive_file:9444kB unevictable:0kB writepending:1008kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:24000kB pagetables:77028kB bounce:0kB free_pcp:1016kB local_pcp:612kB free_cma:0kB [ 2838.585009] lowmem_reserve[]: 0 0 0 0 0 [ 2838.589453] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2838.644855] Node 0 DMA32: 557*4kB (UMEH) 2354*8kB (UMH) 595*16kB (UMEH) 21*32kB (UEH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31252kB [ 2838.847769] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2838.858780] Node 1 Normal: 2*4kB (UE) 2*8kB (ME) 1*16kB (U) 76*32kB (UME) 85*64kB (UME) 153*128kB (UME) 129*256kB (UME) 41*512kB (UME) 4*1024kB (UM) 1*2048kB (M) 0*4096kB = 87656kB [ 2838.879004] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 12:41:29 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2838.895226] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2838.904985] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2838.914103] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2838.922835] 10724 total pagecache pages [ 2838.926893] 0 pages in swap cache [ 2838.930473] Swap cache stats: add 0, delete 0, find 0/0 [ 2838.935964] Free swap = 0kB [ 2838.939058] Total swap = 0kB [ 2838.942323] 1965979 pages RAM 12:41:29 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2838.945516] 0 pages HighMem/MovableOnly [ 2838.949544] 335855 pages reserved [ 2838.953255] 0 pages cma reserved 12:41:29 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:29 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:29 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0), 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:29 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:29 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0), 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2839.821801] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2839.884302] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2839.925716] CPU: 0 PID: 30641 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2839.933880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2839.943799] Call Trace: [ 2839.946598] dump_stack+0x142/0x197 [ 2839.950254] warn_alloc.cold+0x96/0x1af [ 2839.954247] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2839.959249] ? wait_for_completion+0x420/0x420 [ 2839.964282] __alloc_pages_slowpath+0x23c6/0x2930 [ 2839.969331] ? warn_alloc+0xf0/0xf0 [ 2839.972991] ? __might_sleep+0x93/0xb0 [ 2839.977051] __alloc_pages_nodemask+0x62c/0x7a0 [ 2839.981925] ? retint_kernel+0x2d/0x2d [ 2839.985919] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2839.991403] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2839.996185] ? check_preemption_disabled+0x3c/0x250 [ 2840.001222] ? retint_kernel+0x2d/0x2d [ 2840.005637] alloc_pages_current+0xec/0x1e0 [ 2840.010178] kvm_mmu_create+0xdf/0x1e0 [ 2840.014094] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2840.018619] kvm_vcpu_init+0x272/0x360 [ 2840.022557] vmx_create_vcpu+0xfc/0x2aa0 [ 2840.026642] ? mutex_trylock+0x1c0/0x1c0 [ 2840.030875] ? retint_kernel+0x2d/0x2d [ 2840.034803] ? handle_rdmsr+0x6e0/0x6e0 [ 2840.038896] ? wait_for_completion+0x420/0x420 [ 2840.043752] kvm_arch_vcpu_create+0x8c/0xc0 [ 2840.048280] kvm_vm_ioctl+0x501/0x1600 [ 2840.052278] ? __lock_acquire+0x5f7/0x4620 [ 2840.056956] ? kvm_vcpu_release+0xa0/0xa0 [ 2840.061126] ? trace_hardirqs_on+0x10/0x10 [ 2840.065592] ? retint_kernel+0x2d/0x2d [ 2840.069520] ? trace_hardirqs_on_caller+0x400/0x590 [ 2840.074752] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2840.079844] ? check_preemption_disabled+0x3c/0x250 [ 2840.084887] ? retint_kernel+0x2d/0x2d [ 2840.088938] ? kvm_vcpu_release+0xa0/0xa0 [ 2840.093117] do_vfs_ioctl+0x7ae/0x1060 [ 2840.097037] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2840.101824] ? ioctl_preallocate+0x1c0/0x1c0 [ 2840.106287] ? security_file_ioctl+0x1f/0xb0 [ 2840.110722] ? security_file_ioctl+0x89/0xb0 [ 2840.115404] SyS_ioctl+0x8f/0xc0 [ 2840.118891] ? do_vfs_ioctl+0x1060/0x1060 [ 2840.123273] do_syscall_64+0x1e8/0x640 [ 2840.127474] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2840.132753] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2840.137995] RIP: 0033:0x45b399 [ 2840.141288] RSP: 002b:00007fdd1026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2840.149275] RAX: ffffffffffffffda RBX: 00007fdd1026e6d4 RCX: 000000000045b399 [ 2840.156808] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2840.164475] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2840.172079] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2840.179961] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c 12:41:30 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:30 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0), 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2840.418756] warn_alloc_show_mem: 2 callbacks suppressed [ 2840.418797] Mem-Info: [ 2840.428064] active_anon:1299942 inactive_anon:1219 isolated_anon:0 [ 2840.428064] active_file:3242 inactive_file:3040 isolated_file:0 [ 2840.428064] unevictable:0 dirty:3 writeback:0 unstable:0 [ 2840.428064] slab_reclaimable:29237 slab_unreclaimable:108742 [ 2840.428064] mapped:56381 shmem:244 pagetables:33332 bounce:0 [ 2840.428064] free:35784 free_pcp:656 free_cma:0 [ 2840.464412] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:60kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:64kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2840.494934] Node 1 active_anon:3328980kB inactive_anon:12kB active_file:12908kB inactive_file:9620kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16608kB dirty:48kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2840.529737] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2840.533343] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2840.565838] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2840.583669] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2840.590205] CPU: 1 PID: 30667 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0 [ 2840.592547] Node 0 [ 2840.598351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2840.598356] Call Trace: [ 2840.598374] dump_stack+0x142/0x197 [ 2840.598389] warn_alloc.cold+0x96/0x1af [ 2840.598399] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2840.598418] ? wait_for_completion+0x420/0x420 [ 2840.598443] __alloc_pages_slowpath+0x23c6/0x2930 [ 2840.604466] DMA32 free:33328kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:60kB inactive_file:0kB unevictable:0kB writepending:68kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:688kB local_pcp:0kB free_cma:0kB [ 2840.610313] ? check_preemption_disabled+0x3c/0x250 [ 2840.610336] ? warn_alloc+0xf0/0xf0 [ 2840.610357] ? __might_sleep+0x93/0xb0 [ 2840.610367] __alloc_pages_nodemask+0x62c/0x7a0 [ 2840.610379] ? rcu_read_lock_sched_held+0x110/0x130 [ 2840.610390] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2840.610410] alloc_pages_current+0xec/0x1e0 [ 2840.610425] kvm_mmu_create+0xdf/0x1e0 [ 2840.610440] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2840.610455] kvm_vcpu_init+0x272/0x360 [ 2840.610469] vmx_create_vcpu+0xfc/0x2aa0 [ 2840.610479] ? check_preemption_disabled+0x3c/0x250 [ 2840.610491] ? retint_kernel+0x2d/0x2d [ 2840.610506] ? handle_rdmsr+0x6e0/0x6e0 [ 2840.610523] kvm_arch_vcpu_create+0x8c/0xc0 [ 2840.610536] kvm_vm_ioctl+0x501/0x1600 [ 2840.610548] ? __lock_acquire+0x5f7/0x4620 [ 2840.610559] ? kvm_vcpu_release+0xa0/0xa0 [ 2840.610570] ? retint_kernel+0x2d/0x2d [ 2840.615338] lowmem_reserve[]: [ 2840.616996] ? trace_hardirqs_on_caller+0x400/0x590 [ 2840.617011] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2840.617026] ? check_preemption_disabled+0x3c/0x250 [ 2840.617037] ? retint_kernel+0x2d/0x2d [ 2840.617054] ? selinux_file_ioctl+0x19a/0x560 [ 2840.624772] 0 [ 2840.625902] ? selinux_file_ioctl+0x213/0x560 [ 2840.625918] ? kvm_vcpu_release+0xa0/0xa0 [ 2840.625930] do_vfs_ioctl+0x7ae/0x1060 [ 2840.625942] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2840.625960] ? lock_downgrade+0x740/0x740 [ 2840.801657] ? ioctl_preallocate+0x1c0/0x1c0 [ 2840.806295] ? __fget+0x237/0x370 [ 2840.809871] ? security_file_ioctl+0x89/0xb0 [ 2840.814649] SyS_ioctl+0x8f/0xc0 [ 2840.818182] ? do_vfs_ioctl+0x1060/0x1060 [ 2840.822531] do_syscall_64+0x1e8/0x640 [ 2840.822967] 0 [ 2840.826612] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2840.826632] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2840.826641] RIP: 0033:0x45b399 [ 2840.826646] RSP: 002b:00007f59c5343c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2840.826658] RAX: ffffffffffffffda RBX: 00007f59c53446d4 RCX: 000000000045b399 [ 2840.826664] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2840.826675] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2840.826681] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2840.826687] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2841.011127] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2841.099964] 0 0 0 [ 2841.114173] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2841.118034] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2841.145190] CPU: 1 PID: 30653 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2841.162405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2841.172341] Call Trace: [ 2841.174961] dump_stack+0x142/0x197 [ 2841.178629] warn_alloc.cold+0x96/0x1af [ 2841.182632] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2841.187875] ? wait_for_completion+0x420/0x420 [ 2841.192638] __alloc_pages_slowpath+0x23c6/0x2930 [ 2841.197521] ? warn_alloc+0xf0/0xf0 [ 2841.201317] ? __might_sleep+0x93/0xb0 [ 2841.205231] __alloc_pages_nodemask+0x62c/0x7a0 [ 2841.210028] ? rcu_read_lock_sched_held+0x110/0x130 [ 2841.215190] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2841.220242] ? check_preemption_disabled+0x3c/0x250 [ 2841.225295] alloc_pages_current+0xec/0x1e0 [ 2841.229802] kvm_mmu_create+0xdf/0x1e0 [ 2841.233897] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2841.238445] kvm_vcpu_init+0x272/0x360 [ 2841.242485] vmx_create_vcpu+0xfc/0x2aa0 [ 2841.246574] ? mutex_trylock+0x1c0/0x1c0 [ 2841.250673] ? handle_rdmsr+0x6e0/0x6e0 [ 2841.254849] ? wait_for_completion+0x420/0x420 [ 2841.259615] kvm_arch_vcpu_create+0x8c/0xc0 [ 2841.264056] kvm_vm_ioctl+0x501/0x1600 [ 2841.264713] lowmem_reserve[]: [ 2841.268708] ? __lock_acquire+0x5f7/0x4620 [ 2841.268718] ? find_held_lock+0x35/0x130 [ 2841.268732] ? kvm_vcpu_release+0xa0/0xa0 [ 2841.268741] ? trace_hardirqs_on+0x10/0x10 [ 2841.268752] ? retint_kernel+0x2d/0x2d [ 2841.268764] ? trace_hardirqs_on_caller+0x400/0x590 [ 2841.268775] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2841.268789] ? check_preemption_disabled+0x3c/0x250 [ 2841.268797] ? retint_kernel+0x2d/0x2d [ 2841.268806] ? kvm_vcpu_release+0xa0/0xa0 [ 2841.268822] ? do_vfs_ioctl+0x74f/0x1060 [ 2841.268832] ? kvm_vcpu_release+0xa0/0xa0 [ 2841.268842] do_vfs_ioctl+0x7ae/0x1060 [ 2841.268855] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2841.268864] ? lock_downgrade+0x740/0x740 [ 2841.268875] ? ioctl_preallocate+0x1c0/0x1c0 [ 2841.268888] ? __fget+0x237/0x370 [ 2841.268906] ? security_file_ioctl+0x89/0xb0 [ 2841.268920] SyS_ioctl+0x8f/0xc0 [ 2841.268930] ? do_vfs_ioctl+0x1060/0x1060 [ 2841.268942] do_syscall_64+0x1e8/0x640 [ 2841.268952] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2841.268968] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2841.268977] RIP: 0033:0x45b399 [ 2841.268982] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2841.268994] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2841.269000] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2841.269005] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2841.269011] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2841.269017] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2841.434178] 0 0 0 0 0 [ 2841.436923] Node 1 Normal free:103240kB min:53504kB low:66880kB high:80256kB active_anon:3328912kB inactive_anon:4kB active_file:12912kB inactive_file:8908kB unevictable:0kB writepending:88kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23744kB pagetables:76904kB bounce:0kB free_pcp:1388kB local_pcp:692kB free_cma:0kB [ 2841.472145] lowmem_reserve[]: 0 0 0 0 0 [ 2841.476583] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2841.497517] Node 0 DMA32: 584*4kB (UMEH) 2532*8kB (UMEH) 648*16kB (UMH) 19*32kB (UMEH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 33568kB [ 2841.506917] warn_alloc_show_mem: 1 callbacks suppressed [ 2841.506933] Mem-Info: [ 2841.516850] Node 0 [ 2841.520333] active_anon:1299925 inactive_anon:1217 isolated_anon:0 [ 2841.520333] active_file:3231 inactive_file:2228 isolated_file:0 [ 2841.520333] unevictable:0 dirty:31 writeback:0 unstable:0 [ 2841.520333] slab_reclaimable:29030 slab_unreclaimable:108977 [ 2841.520333] mapped:56381 shmem:244 pagetables:33271 bounce:0 [ 2841.520333] free:36754 free_pcp:523 free_cma:0 [ 2841.522206] Normal: [ 2841.524944] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:12kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2841.563483] 0*4kB [ 2841.591911] Node 1 active_anon:3328912kB inactive_anon:4kB active_file:12912kB inactive_file:8908kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16608kB dirty:120kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2841.594658] 0*8kB [ 2841.623798] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2841.628226] 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2841.662575] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2841.673457] Node 0 DMA32 free:33136kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:12kB inactive_file:104kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:888kB local_pcp:696kB free_cma:0kB [ 2841.693473] Node 1 [ 2841.704557] lowmem_reserve[]: 0 0 0 0 0 [ 2841.712590] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2841.719188] Normal: [ 2841.739872] lowmem_reserve[]: 0 0 0 0 0 [ 2841.743696] 972*4kB (UME) 917*8kB (UME) 407*16kB (UME) 152*32kB (UME) 84*64kB (ME) 124*128kB (UM) 132*256kB (UME) 41*512kB [ 2841.747487] Node 1 [ 2841.759606] (UME) [ 2841.760145] Normal free:104676kB min:53504kB low:66880kB high:80256kB active_anon:3328812kB inactive_anon:4kB active_file:12912kB inactive_file:8908kB unevictable:0kB writepending:88kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23648kB pagetables:76904kB bounce:0kB free_pcp:1348kB local_pcp:700kB free_cma:0kB [ 2841.762111] 4*1024kB [ 2841.767833] lowmem_reserve[]: [ 2841.795318] (UM) 1*2048kB (M) 0*4096kB = 104776kB [ 2841.801057] 0 0 [ 2841.805551] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2841.805559] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2841.805566] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2841.805575] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2841.807960] 0 [ 2841.817479] 5726 total pagecache pages 12:41:31 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2841.829467] 0 [ 2841.835831] 0 pages in swap cache [ 2841.835839] Swap cache stats: add 0, delete 0, find 0/0 [ 2841.835843] Free swap = 0kB [ 2841.835846] Total swap = 0kB [ 2841.835854] 1965979 pages RAM [ 2841.835858] 0 pages HighMem/MovableOnly [ 2841.835861] 335855 pages reserved [ 2841.835864] 0 pages cma reserved [ 2841.889129] 0 [ 2841.891937] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2841.915945] Node 0 DMA32: 584*4kB (UMEH) 2539*8kB (UMEH) 648*16kB (UMH) 19*32kB (UMEH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 33624kB [ 2841.935237] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2841.956331] Node 1 Normal: 989*4kB (UM) 876*8kB (UME) 413*16kB (UM) 154*32kB (UME) 84*64kB (UM) 132*128kB (UM) 134*256kB (UME) 41*512kB (UME) 4*1024kB (UM) 1*2048kB (M) 0*4096kB = 106212kB [ 2841.978622] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2841.988636] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2842.003739] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2842.025560] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2842.034961] 5726 total pagecache pages [ 2842.039068] 0 pages in swap cache [ 2842.047631] Swap cache stats: add 0, delete 0, find 0/0 [ 2842.053652] Free swap = 0kB [ 2842.056963] Total swap = 0kB [ 2842.065012] 1965979 pages RAM [ 2842.068382] 0 pages HighMem/MovableOnly [ 2842.073712] 335855 pages reserved [ 2842.077709] 0 pages cma reserved 12:41:32 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:32 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:32 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:32 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:41:32 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2842.133346] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2842.165367] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2842.173986] CPU: 0 PID: 30718 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2842.182510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2842.191999] Call Trace: [ 2842.194610] dump_stack+0x142/0x197 [ 2842.198675] warn_alloc.cold+0x96/0x1af [ 2842.202790] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2842.207674] ? wait_for_completion+0x420/0x420 [ 2842.212447] __alloc_pages_slowpath+0x23c6/0x2930 [ 2842.217431] ? warn_alloc+0xf0/0xf0 [ 2842.221409] ? __might_sleep+0x93/0xb0 [ 2842.225323] __alloc_pages_nodemask+0x62c/0x7a0 [ 2842.230018] ? rcu_read_lock_sched_held+0x110/0x130 [ 2842.235501] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2842.240556] alloc_pages_current+0xec/0x1e0 [ 2842.245073] kvm_mmu_create+0xdf/0x1e0 [ 2842.249204] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2842.253680] kvm_vcpu_init+0x272/0x360 [ 2842.257609] vmx_create_vcpu+0xfc/0x2aa0 [ 2842.261827] ? mutex_trylock+0x1c0/0x1c0 [ 2842.265932] ? handle_rdmsr+0x6e0/0x6e0 [ 2842.269934] ? wait_for_completion+0x420/0x420 [ 2842.274809] kvm_arch_vcpu_create+0x8c/0xc0 [ 2842.279745] kvm_vm_ioctl+0x501/0x1600 [ 2842.283769] ? __lock_acquire+0x5f7/0x4620 [ 2842.288381] ? kvm_vcpu_release+0xa0/0xa0 [ 2842.292562] ? trace_hardirqs_on+0x10/0x10 [ 2842.296804] ? retint_kernel+0x2d/0x2d [ 2842.301008] ? trace_hardirqs_on_caller+0x400/0x590 [ 2842.306033] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2842.310900] ? check_preemption_disabled+0x3c/0x250 [ 2842.315994] ? retint_kernel+0x2d/0x2d [ 2842.319930] ? do_vfs_ioctl+0x83/0x1060 [ 2842.323911] ? kvm_vcpu_release+0xa0/0xa0 [ 2842.328068] do_vfs_ioctl+0x7ae/0x1060 [ 2842.331967] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2842.337083] ? lock_downgrade+0x740/0x740 [ 2842.341569] ? ioctl_preallocate+0x1c0/0x1c0 [ 2842.346201] ? __fget+0x237/0x370 [ 2842.349667] ? security_file_ioctl+0x89/0xb0 [ 2842.354329] SyS_ioctl+0x8f/0xc0 [ 2842.357922] ? do_vfs_ioctl+0x1060/0x1060 [ 2842.362171] do_syscall_64+0x1e8/0x640 [ 2842.366442] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2842.371303] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2842.376496] RIP: 0033:0x45b399 12:41:32 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2842.379690] RSP: 002b:00007fdd1026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2842.387557] RAX: ffffffffffffffda RBX: 00007fdd1026e6d4 RCX: 000000000045b399 [ 2842.395005] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2842.402400] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2842.409979] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2842.417287] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c 12:41:32 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:41:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:33 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:33 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2843.087622] Mem-Info: [ 2843.095240] active_anon:1304038 inactive_anon:1219 isolated_anon:0 [ 2843.095240] active_file:2688 inactive_file:1764 isolated_file:3 [ 2843.095240] unevictable:0 dirty:65 writeback:5 unstable:0 [ 2843.095240] slab_reclaimable:29043 slab_unreclaimable:108774 [ 2843.095240] mapped:55331 shmem:244 pagetables:33386 bounce:0 [ 2843.095240] free:33706 free_pcp:639 free_cma:0 [ 2843.140216] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:16kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:60kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 12:41:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2843.709515] Node 1 active_anon:3362524kB inactive_anon:12kB active_file:10628kB inactive_file:10936kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:12232kB dirty:4428kB writeback:8kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2843.734099] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2843.821076] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 2843.827115] CPU: 1 PID: 30761 Comm: syz-executor.3 Not tainted 4.14.169-syzkaller #0 [ 2843.835204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2843.844756] Call Trace: [ 2843.847507] dump_stack+0x142/0x197 [ 2843.851508] warn_alloc.cold+0x96/0x1af [ 2843.855630] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2843.861055] ? wait_for_completion+0x420/0x420 [ 2843.865874] __alloc_pages_slowpath+0x23c6/0x2930 [ 2843.870764] ? warn_alloc+0xf0/0xf0 [ 2843.874568] ? __might_sleep+0x93/0xb0 [ 2843.878576] __alloc_pages_nodemask+0x62c/0x7a0 [ 2843.883274] ? rcu_read_lock_sched_held+0x110/0x130 [ 2843.888616] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2843.894119] alloc_pages_current+0xec/0x1e0 [ 2843.898562] kvm_mmu_create+0xdf/0x1e0 [ 2843.902486] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2843.907084] kvm_vcpu_init+0x272/0x360 [ 2843.911183] vmx_create_vcpu+0xfc/0x2aa0 [ 2843.915338] ? mutex_trylock+0x1c0/0x1c0 [ 2843.919436] ? handle_rdmsr+0x6e0/0x6e0 [ 2843.923586] ? wait_for_completion+0x420/0x420 [ 2843.928476] kvm_arch_vcpu_create+0x8c/0xc0 [ 2843.933224] kvm_vm_ioctl+0x501/0x1600 [ 2843.937538] ? trace_hardirqs_on+0x10/0x10 [ 2843.941864] ? trace_hardirqs_on_caller+0x400/0x590 [ 2843.947100] ? kvm_vcpu_release+0xa0/0xa0 [ 2843.951344] ? finish_task_switch+0x178/0x650 [ 2843.955844] ? finish_task_switch+0x14d/0x650 [ 2843.960434] ? switch_mm_irqs_off+0x5e1/0xec0 [ 2843.965193] ? rcu_read_unlock_special+0x639/0xd40 [ 2843.970133] ? find_held_lock+0x35/0x130 [ 2843.974204] ? rcu_read_unlock_special+0x639/0xd40 [ 2843.979149] ? save_trace+0x290/0x290 [ 2843.983058] ? __fget+0x210/0x370 [ 2843.986615] ? find_held_lock+0x35/0x130 [ 2843.990734] ? __fget+0x210/0x370 [ 2843.994195] ? kvm_vcpu_release+0xa0/0xa0 [ 2843.998438] do_vfs_ioctl+0x7ae/0x1060 [ 2844.002436] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2844.007835] ? lock_downgrade+0x740/0x740 [ 2844.012057] ? ioctl_preallocate+0x1c0/0x1c0 [ 2844.016479] ? __fget+0x237/0x370 [ 2844.020098] ? security_file_ioctl+0x89/0xb0 [ 2844.025908] SyS_ioctl+0x8f/0xc0 [ 2844.029393] ? do_vfs_ioctl+0x1060/0x1060 [ 2844.033637] do_syscall_64+0x1e8/0x640 [ 2844.037895] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2844.042754] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2844.047947] RIP: 0033:0x45b399 [ 2844.051192] RSP: 002b:00007f93d8723c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2844.059008] RAX: ffffffffffffffda RBX: 00007f93d87246d4 RCX: 000000000045b399 [ 2844.066554] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2844.073880] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2844.081392] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2844.088815] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bfd4 [ 2844.199414] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2844.218712] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2844.249117] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2844.254998] CPU: 0 PID: 30727 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0 [ 2844.263207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2844.272984] Call Trace: [ 2844.275606] dump_stack+0x142/0x197 [ 2844.279858] warn_alloc.cold+0x96/0x1af [ 2844.283862] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2844.288900] ? retint_kernel+0x2d/0x2d [ 2844.292818] ? wait_for_completion+0x420/0x420 [ 2844.297527] __alloc_pages_slowpath+0x23c6/0x2930 [ 2844.302415] ? warn_alloc+0xf0/0xf0 [ 2844.306182] ? __might_sleep+0x93/0xb0 [ 2844.310194] __alloc_pages_nodemask+0x62c/0x7a0 [ 2844.315096] ? rcu_read_lock_sched_held+0x110/0x130 [ 2844.320144] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2844.325374] alloc_pages_current+0xec/0x1e0 [ 2844.329984] kvm_mmu_create+0xdf/0x1e0 [ 2844.333902] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2844.338479] kvm_vcpu_init+0x272/0x360 [ 2844.342544] vmx_create_vcpu+0xfc/0x2aa0 [ 2844.346852] ? check_preemption_disabled+0x3c/0x250 [ 2844.351899] ? retint_kernel+0x2d/0x2d [ 2844.355949] ? handle_rdmsr+0x6e0/0x6e0 [ 2844.360557] ? kvm_arch_vcpu_create+0x14/0xc0 [ 2844.365220] kvm_arch_vcpu_create+0x8c/0xc0 [ 2844.370052] kvm_vm_ioctl+0x501/0x1600 [ 2844.373971] ? __lock_acquire+0x5f7/0x4620 [ 2844.378318] ? do_futex+0xdc/0x19e0 [ 2844.382205] ? kvm_vcpu_release+0xa0/0xa0 [ 2844.386470] ? retint_kernel+0x2d/0x2d [ 2844.390396] ? retint_kernel+0x2d/0x2d [ 2844.394320] ? trace_hardirqs_on_caller+0x400/0x590 [ 2844.399494] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2844.404461] ? check_preemption_disabled+0x3c/0x250 [ 2844.409512] ? retint_kernel+0x2d/0x2d [ 2844.413731] ? do_vfs_ioctl+0xd29/0x1060 [ 2844.417952] ? kvm_vcpu_release+0xa0/0xa0 [ 2844.422419] do_vfs_ioctl+0x7ae/0x1060 [ 2844.426614] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2844.431581] ? lock_downgrade+0x740/0x740 [ 2844.435977] ? ioctl_preallocate+0x1c0/0x1c0 [ 2844.440435] ? __fget+0x237/0x370 [ 2844.444296] ? security_file_ioctl+0x89/0xb0 [ 2844.448759] SyS_ioctl+0x8f/0xc0 [ 2844.452390] ? do_vfs_ioctl+0x1060/0x1060 [ 2844.456570] do_syscall_64+0x1e8/0x640 [ 2844.460491] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2844.465642] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2844.470960] RIP: 0033:0x45b399 [ 2844.474516] RSP: 002b:00007f59c5343c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2844.482726] RAX: ffffffffffffffda RBX: 00007f59c53446d4 RCX: 000000000045b399 [ 2844.490203] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2844.497675] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2844.505534] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2844.512911] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2844.529060] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2844.535070] Node 0 DMA32 free:33112kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:1168kB local_pcp:452kB free_cma:0kB [ 2844.566443] lowmem_reserve[]: 0 0 0 0 0 [ 2844.571201] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2844.597813] lowmem_reserve[]: 0 0 0 0 0 [ 2844.602525] Node 1 Normal free:76072kB min:53504kB low:66880kB high:80256kB active_anon:3362104kB inactive_anon:12kB active_file:10604kB inactive_file:6224kB unevictable:0kB writepending:204kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23936kB pagetables:77412kB bounce:0kB free_pcp:1524kB local_pcp:792kB free_cma:0kB [ 2844.637044] lowmem_reserve[]: 0 0 0 0 0 [ 2844.642142] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2844.661730] Node 0 DMA32: 528*4kB (UMH) 2548*8kB (UMEH) 637*16kB (UEH) 14*32kB (UEH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 33136kB [ 2844.678774] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2844.704036] Node 1 Normal: 810*4kB (UME) 230*8kB (UME) 68*16kB (UME) 22*32kB (UME) 8*64kB (ME) 100*128kB (UM) 130*256kB (UME) 32*512kB (UME) 4*1024kB (UM) 1*2048kB (M) 0*4096kB = 75992kB [ 2844.728476] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2844.744038] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2844.756330] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2844.773105] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2844.784960] 4436 total pagecache pages [ 2844.789692] 0 pages in swap cache [ 2844.799104] Swap cache stats: add 0, delete 0, find 0/0 [ 2844.807157] Mem-Info: [ 2844.809723] Free swap = 0kB [ 2844.819086] active_anon:1308457 inactive_anon:1219 isolated_anon:0 [ 2844.819086] active_file:2590 inactive_file:1574 isolated_file:0 [ 2844.819086] unevictable:0 dirty:34 writeback:0 unstable:0 [ 2844.819086] slab_reclaimable:29039 slab_unreclaimable:108444 [ 2844.819086] mapped:55058 shmem:244 pagetables:33398 bounce:0 [ 2844.819086] free:29956 free_pcp:517 free_cma:0 [ 2844.872451] Total swap = 0kB [ 2844.877792] 1965979 pages RAM [ 2844.884980] 0 pages HighMem/MovableOnly [ 2844.889512] 335855 pages reserved [ 2844.896385] 0 pages cma reserved [ 2844.903400] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:4kB inactive_file:2600kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:2604kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2844.940504] Node 1 active_anon:3363040kB inactive_anon:12kB active_file:10356kB inactive_file:11696kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:11316kB dirty:5732kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2845.002837] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2845.014684] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2845.032871] CPU: 1 PID: 30732 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2845.041124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2845.050775] Call Trace: [ 2845.053480] dump_stack+0x142/0x197 [ 2845.057260] warn_alloc.cold+0x96/0x1af [ 2845.061263] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2845.066278] ? wait_for_completion+0x420/0x420 [ 2845.067399] Node 0 [ 2845.071527] __alloc_pages_slowpath+0x23c6/0x2930 [ 2845.071541] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2845.071565] ? warn_alloc+0xf0/0xf0 [ 2845.071582] ? __might_sleep+0x93/0xb0 [ 2845.071592] __alloc_pages_nodemask+0x62c/0x7a0 [ 2845.071608] ? rcu_read_lock_sched_held+0x110/0x130 [ 2845.071618] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2845.071632] ? check_preemption_disabled+0x3c/0x250 [ 2845.071645] alloc_pages_current+0xec/0x1e0 [ 2845.071660] kvm_mmu_create+0xdf/0x1e0 [ 2845.086005] DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2845.088283] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2845.088298] kvm_vcpu_init+0x272/0x360 [ 2845.088311] vmx_create_vcpu+0xfc/0x2aa0 [ 2845.088325] ? mutex_trylock+0x1c0/0x1c0 [ 2845.110437] lowmem_reserve[]: [ 2845.112481] ? retint_kernel+0x2d/0x2d [ 2845.112497] ? handle_rdmsr+0x6e0/0x6e0 [ 2845.112507] ? wait_for_completion+0x420/0x420 [ 2845.112522] kvm_arch_vcpu_create+0x8c/0xc0 [ 2845.122784] 0 [ 2845.147777] kvm_vm_ioctl+0x501/0x1600 [ 2845.147790] ? __lock_acquire+0x5f7/0x4620 [ 2845.147799] ? find_held_lock+0x35/0x130 [ 2845.147812] ? kvm_vcpu_release+0xa0/0xa0 [ 2845.147824] ? retint_kernel+0x2d/0x2d [ 2845.147835] ? trace_hardirqs_on_caller+0x400/0x590 [ 2845.147845] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2845.147858] ? check_preemption_disabled+0x3c/0x250 [ 2845.147866] ? retint_kernel+0x2d/0x2d [ 2845.147882] ? selinux_file_ioctl+0x83/0x560 [ 2845.147891] ? selinux_file_ioctl+0xaa/0x560 [ 2845.147901] ? kvm_vcpu_release+0xa0/0xa0 [ 2845.147913] do_vfs_ioctl+0x7ae/0x1060 [ 2845.147925] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2845.230147] 2569 [ 2845.232637] ? lock_downgrade+0x740/0x740 [ 2845.232652] ? ioctl_preallocate+0x1c0/0x1c0 [ 2845.232666] ? __fget+0x237/0x370 [ 2845.232685] ? security_file_ioctl+0x89/0xb0 [ 2845.246378] 2569 [ 2845.250529] SyS_ioctl+0x8f/0xc0 [ 2845.250541] ? do_vfs_ioctl+0x1060/0x1060 [ 2845.250555] do_syscall_64+0x1e8/0x640 [ 2845.250565] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2845.250582] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2845.250589] RIP: 0033:0x45b399 [ 2845.250594] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2845.250604] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2845.250609] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2845.250614] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2845.250618] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2845.250624] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2845.351582] 2569 2569 12:41:35 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:35 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:35 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:35 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:35 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2845.354270] Node 0 DMA32 free:33512kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:12kB inactive_file:20kB unevictable:0kB writepending:0kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:1428kB local_pcp:728kB free_cma:0kB [ 2845.454431] lowmem_reserve[]: 0 0 0 0 0 [ 2845.471129] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2845.498859] lowmem_reserve[]: 0 0 0 0 0 [ 2845.511127] Node 1 Normal free:77284kB min:53504kB low:66880kB high:80256kB active_anon:3363092kB inactive_anon:12kB active_file:10348kB inactive_file:6656kB unevictable:0kB writepending:484kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23840kB pagetables:77436kB bounce:0kB free_pcp:456kB local_pcp:140kB free_cma:0kB 12:41:35 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2845.772319] lowmem_reserve[]: 0 0 0 0 0 [ 2845.776746] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2845.805780] Node 0 DMA32: 73*4kB (H) 2092*8kB (UH) 627*16kB (UEH) 9*32kB (UEH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27348kB [ 2845.822461] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2845.838003] Node 1 Normal: 2*4kB (ME) 0*8kB 1*16kB (M) 1*32kB (M) 0*64kB 90*128kB (UE) 129*256kB (UME) 28*512kB (UE) 2*1024kB (U) 0*2048kB 0*4096kB = 60984kB [ 2845.858540] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2845.867871] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2845.882456] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2845.895217] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2845.906873] 8231 total pagecache pages [ 2845.916773] 0 pages in swap cache [ 2845.922908] Swap cache stats: add 0, delete 0, find 0/0 [ 2845.929322] Free swap = 0kB [ 2845.936328] Total swap = 0kB [ 2845.941509] 1965979 pages RAM [ 2845.945289] 0 pages HighMem/MovableOnly [ 2845.949862] 335855 pages reserved [ 2845.957348] 0 pages cma reserved 12:41:36 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:36 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:36 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:36 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2846.684970] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2846.743750] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2846.780202] CPU: 0 PID: 30782 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0 [ 2846.788435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2846.798003] Call Trace: [ 2846.800621] dump_stack+0x142/0x197 [ 2846.804436] warn_alloc.cold+0x96/0x1af [ 2846.808619] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2846.813849] ? wait_for_completion+0x420/0x420 [ 2846.818920] __alloc_pages_slowpath+0x23c6/0x2930 [ 2846.823904] ? warn_alloc+0xf0/0xf0 [ 2846.827568] ? __might_sleep+0x93/0xb0 [ 2846.831647] __alloc_pages_nodemask+0x62c/0x7a0 [ 2846.836494] ? rcu_read_lock_sched_held+0x110/0x130 [ 2846.841542] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2846.846917] ? check_preemption_disabled+0x3c/0x250 [ 2846.851974] alloc_pages_current+0xec/0x1e0 [ 2846.856442] kvm_mmu_create+0xdf/0x1e0 [ 2846.860449] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2846.864806] kvm_vcpu_init+0x272/0x360 [ 2846.868718] vmx_create_vcpu+0xfc/0x2aa0 [ 2846.872889] ? mutex_trylock+0x1c0/0x1c0 [ 2846.877326] ? handle_rdmsr+0x6e0/0x6e0 [ 2846.881544] ? wait_for_completion+0x420/0x420 [ 2846.886349] kvm_arch_vcpu_create+0x8c/0xc0 [ 2846.891036] kvm_vm_ioctl+0x501/0x1600 [ 2846.895026] ? __lock_acquire+0x5f7/0x4620 [ 2846.899620] ? retint_kernel+0x2d/0x2d [ 2846.903721] ? kvm_vcpu_release+0xa0/0xa0 [ 2846.907946] ? retint_kernel+0x2d/0x2d [ 2846.911867] ? trace_hardirqs_on_caller+0x400/0x590 [ 2846.917163] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2846.922039] ? check_preemption_disabled+0x3c/0x250 [ 2846.927269] ? retint_kernel+0x2d/0x2d [ 2846.931379] ? selinux_file_ioctl+0x19a/0x560 [ 2846.936221] ? selinux_file_ioctl+0x22c/0x560 [ 2846.940831] ? kvm_vcpu_release+0xa0/0xa0 [ 2846.945012] do_vfs_ioctl+0x7ae/0x1060 [ 2846.949207] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2846.954087] ? lock_downgrade+0x740/0x740 [ 2846.958481] ? ioctl_preallocate+0x1c0/0x1c0 [ 2846.963091] ? __fget+0x237/0x370 [ 2846.966866] ? security_file_ioctl+0x89/0xb0 [ 2846.971793] SyS_ioctl+0x8f/0xc0 [ 2846.975484] ? do_vfs_ioctl+0x1060/0x1060 [ 2846.979850] do_syscall_64+0x1e8/0x640 [ 2846.984000] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2846.989286] entry_SYSCALL_64_after_hwframe+0x42/0xb7 12:41:37 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2846.994617] RIP: 0033:0x45b399 [ 2846.997823] RSP: 002b:00007f59c5343c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2847.006023] RAX: ffffffffffffffda RBX: 00007f59c53446d4 RCX: 000000000045b399 [ 2847.013317] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2847.021132] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2847.029346] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2847.036862] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2847.401550] warn_alloc_show_mem: 2 callbacks suppressed [ 2847.415999] Mem-Info: [ 2847.418811] active_anon:1312779 inactive_anon:1220 isolated_anon:0 [ 2847.418811] active_file:2449 inactive_file:5063 isolated_file:61 [ 2847.418811] unevictable:0 dirty:1841 writeback:501 unstable:0 [ 2847.418811] slab_reclaimable:29182 slab_unreclaimable:108343 [ 2847.418811] mapped:54291 shmem:244 pagetables:33485 bounce:0 [ 2847.418811] free:21973 free_pcp:482 free_cma:0 12:41:37 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2847.510619] Node 0 active_anon:1870792kB inactive_anon:4864kB active_file:16kB inactive_file:4268kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:704kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2847.585153] Node 1 active_anon:3377324kB inactive_anon:16kB active_file:9564kB inactive_file:9644kB unevictable:0kB isolated(anon):0kB isolated(file):284kB mapped:7248kB dirty:1960kB writeback:2704kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2847.820228] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2847.867375] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2847.873103] Node 0 DMA32 free:34880kB min:36384kB low:45480kB high:54576kB active_anon:1866664kB inactive_anon:4864kB active_file:16kB inactive_file:48kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:1024kB local_pcp:396kB free_cma:0kB [ 2847.903497] lowmem_reserve[]: 0 0 0 0 0 [ 2847.908564] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2847.935956] lowmem_reserve[]: 0 0 0 0 0 [ 2848.148506] Node 1 Normal free:73720kB min:53504kB low:66880kB high:80256kB active_anon:3365664kB inactive_anon:12kB active_file:4072kB inactive_file:11392kB unevictable:0kB writepending:4024kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:24160kB pagetables:77716kB bounce:0kB free_pcp:848kB local_pcp:20kB free_cma:0kB [ 2848.185396] lowmem_reserve[]: 0 0 0 0 0 [ 2848.191909] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2848.210260] Node 0 DMA32: 704*4kB (UMH) 2236*8kB (UMH) 667*16kB (UMEH) 5*32kB (ME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31536kB [ 2848.226083] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2848.238361] Node 1 Normal: 827*4kB (UME) 328*8kB (UME) 255*16kB (UME) 122*32kB (UM) 42*64kB (UM) 107*128kB (UME) 127*256kB (UME) 28*512kB (UME) 0*1024kB 0*2048kB 0*4096kB = 77148kB [ 2848.256567] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2848.266548] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2848.276671] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2848.286612] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2848.296526] 1932 total pagecache pages [ 2848.301092] 0 pages in swap cache [ 2848.304887] Swap cache stats: add 0, delete 0, find 0/0 [ 2848.311019] Free swap = 0kB [ 2848.314760] Total swap = 0kB [ 2848.318304] 1965979 pages RAM [ 2848.322098] 0 pages HighMem/MovableOnly [ 2848.326458] 335855 pages reserved [ 2848.330480] 0 pages cma reserved [ 2848.382403] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2848.396116] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2848.424266] CPU: 1 PID: 30832 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2848.432997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2848.443910] Call Trace: [ 2848.446922] dump_stack+0x142/0x197 [ 2848.451048] warn_alloc.cold+0x96/0x1af [ 2848.456154] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2848.461035] ? wait_for_completion+0x420/0x420 [ 2848.465914] __alloc_pages_slowpath+0x23c6/0x2930 [ 2848.471301] ? warn_alloc+0xf0/0xf0 [ 2848.475204] ? __might_sleep+0x93/0xb0 [ 2848.479556] __alloc_pages_nodemask+0x62c/0x7a0 [ 2848.484586] ? rcu_read_lock_sched_held+0x110/0x130 [ 2848.491184] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2848.497193] alloc_pages_current+0xec/0x1e0 [ 2848.502128] kvm_mmu_create+0xdf/0x1e0 [ 2848.506429] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2848.510767] kvm_vcpu_init+0x272/0x360 [ 2848.515524] vmx_create_vcpu+0xfc/0x2aa0 [ 2848.520805] ? mutex_trylock+0x1c0/0x1c0 [ 2848.525275] ? handle_rdmsr+0x6e0/0x6e0 [ 2848.529677] ? wait_for_completion+0x420/0x420 [ 2848.534498] kvm_arch_vcpu_create+0x8c/0xc0 [ 2848.539077] kvm_vm_ioctl+0x501/0x1600 [ 2848.542981] ? __lock_acquire+0x5f7/0x4620 [ 2848.547742] ? kvm_vcpu_release+0xa0/0xa0 [ 2848.552095] ? trace_hardirqs_on+0x10/0x10 [ 2848.556665] ? trace_hardirqs_on+0x10/0x10 [ 2848.561310] ? __might_fault+0x110/0x1d0 [ 2848.565476] ? save_trace+0x290/0x290 [ 2848.569772] ? __might_fault+0x110/0x1d0 [ 2848.574325] ? __fget+0x210/0x370 [ 2848.578149] ? find_held_lock+0x35/0x130 [ 2848.582499] ? __fget+0x210/0x370 [ 2848.587467] ? kvm_vcpu_release+0xa0/0xa0 [ 2848.591921] do_vfs_ioctl+0x7ae/0x1060 [ 2848.596410] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2848.601749] ? lock_downgrade+0x740/0x740 [ 2848.606329] ? ioctl_preallocate+0x1c0/0x1c0 [ 2848.611000] ? __fget+0x237/0x370 [ 2848.614663] ? security_file_ioctl+0x89/0xb0 [ 2848.619103] SyS_ioctl+0x8f/0xc0 [ 2848.622741] ? do_vfs_ioctl+0x1060/0x1060 [ 2848.626913] do_syscall_64+0x1e8/0x640 [ 2848.630818] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2848.635794] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2848.641266] RIP: 0033:0x45b399 [ 2848.644753] RSP: 002b:00007fdd1022bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2848.650929] syz-executor.5: [ 2848.652629] RAX: ffffffffffffffda RBX: 00007fdd1022c6d4 RCX: 000000000045b399 [ 2848.652635] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2848.652640] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2848.652646] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2848.652652] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075c07c [ 2848.668435] Mem-Info: [ 2848.671313] page allocation failure: order:0 [ 2848.686454] active_anon:1309089 inactive_anon:1219 isolated_anon:0 [ 2848.686454] active_file:1014 inactive_file:645 isolated_file:3 [ 2848.686454] unevictable:0 dirty:12 writeback:0 unstable:0 [ 2848.686454] slab_reclaimable:29237 slab_unreclaimable:107887 [ 2848.686454] mapped:53610 shmem:244 pagetables:33449 bounce:0 [ 2848.686454] free:32106 free_pcp:549 free_cma:0 [ 2848.686880] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 2848.699514] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):12kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2848.703193] (null) [ 2848.741915] Node 1 active_anon:3365568kB inactive_anon:12kB active_file:4056kB inactive_file:2576kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:5524kB dirty:44kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2848.748141] syz-executor.5 cpuset= [ 2848.781174] Node 0 [ 2848.807206] syz5 mems_allowed=0-1 [ 2848.815966] DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2848.817045] CPU: 0 PID: 30783 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2848.844374] lowmem_reserve[]: [ 2848.852070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2848.852076] Call Trace: [ 2848.852095] dump_stack+0x142/0x197 [ 2848.852109] warn_alloc.cold+0x96/0x1af [ 2848.852118] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2848.852135] ? wait_for_completion+0x420/0x420 [ 2848.852149] __alloc_pages_slowpath+0x23c6/0x2930 [ 2848.852167] ? retint_kernel+0x2d/0x2d [ 2848.855456] 0 [ 2848.865053] ? warn_alloc+0xf0/0xf0 [ 2848.865066] ? check_preemption_disabled+0x3c/0x250 [ 2848.865076] ? retint_kernel+0x2d/0x2d [ 2848.865095] __alloc_pages_nodemask+0x62c/0x7a0 [ 2848.865107] ? rcu_read_lock_sched_held+0x110/0x130 [ 2848.865122] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2848.868341] 2569 [ 2848.871569] alloc_pages_current+0xec/0x1e0 [ 2848.871585] kvm_mmu_create+0xdf/0x1e0 [ 2848.871597] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2848.871610] kvm_vcpu_init+0x272/0x360 [ 2848.875853] 2569 [ 2848.880556] vmx_create_vcpu+0xfc/0x2aa0 [ 2848.880569] ? check_preemption_disabled+0x3c/0x250 [ 2848.880579] ? retint_kernel+0x2d/0x2d [ 2848.880592] ? handle_rdmsr+0x6e0/0x6e0 [ 2848.880608] kvm_arch_vcpu_create+0x8c/0xc0 [ 2848.885794] 2569 [ 2848.890131] kvm_vm_ioctl+0x501/0x1600 [ 2848.890144] ? __lock_acquire+0x5f7/0x4620 [ 2848.890157] ? kvm_vcpu_release+0xa0/0xa0 [ 2848.890165] ? trace_hardirqs_on+0x10/0x10 [ 2848.890179] ? trace_hardirqs_on+0x10/0x10 [ 2848.894188] 2569 [ 2848.895972] ? __might_fault+0x110/0x1d0 [ 2848.895985] ? save_trace+0x290/0x290 [ 2848.895993] ? __might_fault+0x110/0x1d0 [ 2848.896004] ? __fget+0x210/0x370 [ 2848.896015] ? retint_kernel+0x2d/0x2d [ 2848.896031] ? kvm_vcpu_release+0xa0/0xa0 [ 2848.905118] do_vfs_ioctl+0x7ae/0x1060 [ 2848.905133] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2848.905141] ? check_preemption_disabled+0x3c/0x250 [ 2848.905152] ? ioctl_preallocate+0x1c0/0x1c0 [ 2848.905172] ? security_file_ioctl+0x89/0xb0 [ 2848.905182] SyS_ioctl+0x8f/0xc0 [ 2848.905194] ? do_vfs_ioctl+0x1060/0x1060 [ 2848.912155] Node 0 [ 2848.914351] do_syscall_64+0x1e8/0x640 [ 2848.914362] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2848.914381] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2848.919589] DMA32 free:34388kB min:36384kB low:45480kB high:54576kB active_anon:1866660kB inactive_anon:4864kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17760kB pagetables:56180kB bounce:0kB free_pcp:1284kB local_pcp:680kB free_cma:0kB [ 2848.924730] RIP: 0033:0x45b399 [ 2848.924736] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2848.924746] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2848.924751] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2848.924757] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2848.924761] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2848.924767] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2849.147346] lowmem_reserve[]: 0 0 0 0 0 [ 2849.151855] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2849.179435] lowmem_reserve[]: 0 0 0 0 0 [ 2849.183718] Node 1 Normal free:83420kB min:53504kB low:66880kB high:80256kB active_anon:3365452kB inactive_anon:12kB active_file:4252kB inactive_file:2724kB unevictable:0kB writepending:160kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23680kB pagetables:77508kB bounce:0kB free_pcp:1096kB local_pcp:576kB free_cma:0kB [ 2849.214898] lowmem_reserve[]: 0 0 0 0 0 [ 2849.218966] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2849.235271] Node 0 DMA32: 705*4kB (UMH) 2592*8kB (UMH) 667*16kB (UMEH) 5*32kB (ME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 34388kB [ 2849.249807] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2849.260879] Node 1 Normal: 1805*4kB (UM) 499*8kB (UM) 259*16kB (UM) 135*32kB (UME) 46*64kB (UM) 107*128kB (UME) 128*256kB (UME) 28*512kB (UME) 0*1024kB 0*2048kB 0*4096kB = 83420kB [ 2849.277733] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2849.287089] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2849.296390] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2849.305493] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2849.314841] 2002 total pagecache pages [ 2849.318753] 0 pages in swap cache [ 2849.322422] Swap cache stats: add 0, delete 0, find 0/0 12:41:39 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2849.327815] Free swap = 0kB [ 2849.330895] Total swap = 0kB [ 2849.334156] 1965979 pages RAM [ 2849.337453] 0 pages HighMem/MovableOnly [ 2849.341638] 335855 pages reserved [ 2849.345297] 0 pages cma reserved 12:41:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:39 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:39 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:39 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:39 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:40 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:40 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:40 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:40 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:40 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700), 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:40 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2850.674471] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2850.747333] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2850.762009] CPU: 0 PID: 30852 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2850.769941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2850.779306] Call Trace: [ 2850.781912] dump_stack+0x142/0x197 [ 2850.785571] warn_alloc.cold+0x96/0x1af [ 2850.789675] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2850.794536] ? wait_for_completion+0x420/0x420 [ 2850.799135] __alloc_pages_slowpath+0x23c6/0x2930 [ 2850.804005] ? warn_alloc+0xf0/0xf0 [ 2850.807655] ? __might_sleep+0x93/0xb0 [ 2850.811560] __alloc_pages_nodemask+0x62c/0x7a0 [ 2850.816296] ? rcu_read_lock_sched_held+0x110/0x130 [ 2850.821445] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2850.826489] ? check_preemption_disabled+0x3c/0x250 [ 2850.831639] alloc_pages_current+0xec/0x1e0 [ 2850.835972] kvm_mmu_create+0xdf/0x1e0 [ 2850.839866] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2850.844226] kvm_vcpu_init+0x272/0x360 [ 2850.848272] vmx_create_vcpu+0xfc/0x2aa0 [ 2850.852344] ? mutex_trylock+0x1c0/0x1c0 [ 2850.856463] ? handle_rdmsr+0x6e0/0x6e0 [ 2850.860477] ? wait_for_completion+0x420/0x420 [ 2850.865078] kvm_arch_vcpu_create+0x8c/0xc0 [ 2850.869557] kvm_vm_ioctl+0x501/0x1600 [ 2850.873483] ? __lock_acquire+0x5f7/0x4620 [ 2850.877724] ? trace_hardirqs_on_caller+0x400/0x590 [ 2850.882763] ? kvm_vcpu_release+0xa0/0xa0 [ 2850.887134] ? retint_kernel+0x2d/0x2d [ 2850.891022] ? trace_hardirqs_on_caller+0x400/0x590 [ 2850.896057] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2850.900836] ? check_preemption_disabled+0x3c/0x250 [ 2850.905851] ? retint_kernel+0x2d/0x2d [ 2850.909745] ? selinux_file_ioctl+0x2b4/0x560 [ 2850.914245] ? kvm_vcpu_release+0xa0/0xa0 [ 2850.918501] do_vfs_ioctl+0x7ae/0x1060 [ 2850.922445] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2850.927211] ? lock_downgrade+0x740/0x740 [ 2850.931376] ? ioctl_preallocate+0x1c0/0x1c0 [ 2850.935789] ? __fget+0x237/0x370 [ 2850.939256] ? security_file_ioctl+0x89/0xb0 [ 2850.943673] SyS_ioctl+0x8f/0xc0 [ 2850.947032] ? do_vfs_ioctl+0x1060/0x1060 [ 2850.951185] do_syscall_64+0x1e8/0x640 [ 2850.955070] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2850.959927] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2850.965115] RIP: 0033:0x45b399 [ 2850.968303] RSP: 002b:00007fdd1026dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2850.976019] RAX: ffffffffffffffda RBX: 00007fdd1026e6d4 RCX: 000000000045b399 [ 2850.983583] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2850.990963] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2850.998245] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2851.005537] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2851.117621] warn_alloc_show_mem: 1 callbacks suppressed [ 2851.117635] Mem-Info: [ 2851.135569] active_anon:1310022 inactive_anon:1219 isolated_anon:0 [ 2851.135569] active_file:1456 inactive_file:1473 isolated_file:32 [ 2851.135569] unevictable:0 dirty:323 writeback:1 unstable:0 [ 2851.135569] slab_reclaimable:29104 slab_unreclaimable:107961 [ 2851.135569] mapped:54147 shmem:244 pagetables:33560 bounce:0 [ 2851.135569] free:30080 free_pcp:235 free_cma:0 [ 2851.245545] Node 0 active_anon:1870788kB inactive_anon:4864kB active_file:16kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208916kB dirty:4kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2851.281300] Node 1 active_anon:3369400kB inactive_anon:12kB active_file:6000kB inactive_file:11372kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:8572kB dirty:188kB writeback:2404kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2851.313204] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2851.360748] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2851.459872] Node 0 DMA32 free:27168kB min:36384kB low:45480kB high:54576kB active_anon:1867160kB inactive_anon:4864kB active_file:16kB inactive_file:8000kB unevictable:0kB writepending:5776kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17824kB pagetables:56180kB bounce:0kB free_pcp:1124kB local_pcp:904kB free_cma:0kB [ 2851.546077] lowmem_reserve[]: 0 0 0 0 0 [ 2851.592285] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2851.639238] lowmem_reserve[]: 0 0 0 0 0 [ 2851.646360] Node 1 Normal free:54564kB min:53504kB low:66880kB high:80256kB active_anon:3369400kB inactive_anon:12kB active_file:5808kB inactive_file:22520kB unevictable:0kB writepending:12876kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:24160kB pagetables:78060kB bounce:0kB free_pcp:912kB local_pcp:244kB free_cma:0kB [ 2851.764235] lowmem_reserve[]: 0 0 0 0 0 [ 2851.775296] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2851.805331] Node 0 DMA32: 720*4kB (UMEH) 2627*8kB (UMEH) 730*16kB (UMEH) 4*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 35704kB [ 2851.825297] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2851.837160] Node 1 Normal: 999*4kB (UM) 546*8kB (UM) 238*16kB (UME) 120*32kB (UME) 49*64kB (UME) 86*128kB (UME) 115*256kB (UME) 30*512kB (UME) 1*1024kB (U) 0*2048kB 0*4096kB = 75980kB [ 2851.860914] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2851.870337] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2851.879539] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2851.889064] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2851.898088] 2196 total pagecache pages [ 2851.902597] 0 pages in swap cache [ 2851.906429] Swap cache stats: add 0, delete 0, find 0/0 [ 2851.912238] Free swap = 0kB [ 2851.915574] Total swap = 0kB [ 2851.919106] 1965979 pages RAM [ 2851.922704] 0 pages HighMem/MovableOnly [ 2851.927022] 335855 pages reserved [ 2851.930874] 0 pages cma reserved [ 2852.009479] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2852.031495] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2852.037772] CPU: 0 PID: 30848 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2852.045680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2852.055055] Call Trace: [ 2852.057682] dump_stack+0x142/0x197 [ 2852.061330] warn_alloc.cold+0x96/0x1af [ 2852.061541] syz-executor.1: [ 2852.065323] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2852.065345] ? wait_for_completion+0x420/0x420 [ 2852.068421] page allocation failure: order:0 [ 2852.073446] __alloc_pages_slowpath+0x23c6/0x2930 [ 2852.073470] ? warn_alloc+0xf0/0xf0 [ 2852.073487] ? __might_sleep+0x93/0xb0 [ 2852.073498] __alloc_pages_nodemask+0x62c/0x7a0 [ 2852.073511] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2852.073521] ? check_preemption_disabled+0x3c/0x250 [ 2852.073540] alloc_pages_current+0xec/0x1e0 [ 2852.073556] kvm_mmu_create+0xdf/0x1e0 [ 2852.073570] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2852.073584] kvm_vcpu_init+0x272/0x360 [ 2852.073597] vmx_create_vcpu+0xfc/0x2aa0 [ 2852.073608] ? mutex_trylock+0x1c0/0x1c0 [ 2852.073626] ? handle_rdmsr+0x6e0/0x6e0 [ 2852.073639] ? wait_for_completion+0x420/0x420 [ 2852.073654] kvm_arch_vcpu_create+0x8c/0xc0 [ 2852.073666] kvm_vm_ioctl+0x501/0x1600 [ 2852.073678] ? __lock_acquire+0x5f7/0x4620 [ 2852.073687] ? find_held_lock+0x35/0x130 [ 2852.073700] ? kvm_vcpu_release+0xa0/0xa0 [ 2852.073708] ? retint_kernel+0x2d/0x2d [ 2852.073719] ? trace_hardirqs_on_caller+0x400/0x590 [ 2852.073731] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2852.073744] ? check_preemption_disabled+0x3c/0x250 [ 2852.073753] ? retint_kernel+0x2d/0x2d [ 2852.073763] ? __fget+0x210/0x370 [ 2852.073779] ? lock_release+0x44d/0x940 [ 2852.073791] ? kvm_vcpu_release+0xa0/0xa0 [ 2852.073802] do_vfs_ioctl+0x7ae/0x1060 [ 2852.073813] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2852.073821] ? lock_downgrade+0x740/0x740 [ 2852.073832] ? ioctl_preallocate+0x1c0/0x1c0 [ 2852.073844] ? __fget+0x237/0x370 [ 2852.073862] ? security_file_ioctl+0x89/0xb0 [ 2852.073873] SyS_ioctl+0x8f/0xc0 [ 2852.073884] ? do_vfs_ioctl+0x1060/0x1060 [ 2852.100158] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 2852.105006] do_syscall_64+0x1e8/0x640 [ 2852.105018] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2852.105035] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2852.251835] RIP: 0033:0x45b399 [ 2852.255031] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2852.262959] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2852.270224] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2852.277496] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2852.284766] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2852.292036] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2852.310268] (null) [ 2852.310652] Mem-Info: [ 2852.312508] syz-executor.1 cpuset=syz1 [ 2852.315101] active_anon:1310287 inactive_anon:1219 isolated_anon:0 [ 2852.315101] active_file:921 inactive_file:628 isolated_file:33 [ 2852.315101] unevictable:0 dirty:4 writeback:0 unstable:0 [ 2852.315101] slab_reclaimable:29057 slab_unreclaimable:107793 [ 2852.315101] mapped:53544 shmem:244 pagetables:33541 bounce:0 [ 2852.315101] free:30946 free_pcp:669 free_cma:0 [ 2852.319048] mems_allowed=0-1 [ 2852.359549] Node 0 active_anon:1871364kB inactive_anon:4864kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):4kB mapped:208916kB dirty:0kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2852.394341] Node 1 active_anon:3369784kB inactive_anon:12kB active_file:3356kB inactive_file:2808kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:5260kB dirty:16kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2852.400183] CPU: 1 PID: 30869 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0 [ 2852.425567] Node 0 [ 2852.429836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2852.429842] Call Trace: [ 2852.429861] dump_stack+0x142/0x197 [ 2852.429875] warn_alloc.cold+0x96/0x1af [ 2852.429885] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2852.429896] ? check_preemption_disabled+0x3c/0x250 [ 2852.429919] __alloc_pages_slowpath+0x23c6/0x2930 [ 2852.429934] ? check_preemption_disabled+0x3c/0x250 [ 2852.433226] DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2852.441542] ? warn_alloc+0xf0/0xf0 [ 2852.441563] ? __might_sleep+0x93/0xb0 [ 2852.441576] __alloc_pages_nodemask+0x62c/0x7a0 [ 2852.441587] ? rcu_read_lock_sched_held+0x110/0x130 [ 2852.441599] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2852.441617] alloc_pages_current+0xec/0x1e0 [ 2852.441632] kvm_mmu_create+0xdf/0x1e0 [ 2852.444769] lowmem_reserve[]: [ 2852.447853] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2852.447867] kvm_vcpu_init+0x272/0x360 [ 2852.447882] vmx_create_vcpu+0xfc/0x2aa0 [ 2852.447893] ? mutex_trylock+0x1c0/0x1c0 [ 2852.447902] ? retint_kernel+0x2d/0x2d [ 2852.447918] ? handle_rdmsr+0x6e0/0x6e0 [ 2852.452808] 0 [ 2852.456757] ? wait_for_completion+0x420/0x420 [ 2852.456774] kvm_arch_vcpu_create+0x8c/0xc0 [ 2852.456788] kvm_vm_ioctl+0x501/0x1600 [ 2852.456801] ? __lock_acquire+0x5f7/0x4620 [ 2852.456814] ? kvm_vcpu_release+0xa0/0xa0 [ 2852.456824] ? trace_hardirqs_on+0x10/0x10 [ 2852.456840] ? retint_kernel+0x2d/0x2d [ 2852.462434] 2569 [ 2852.466708] ? trace_hardirqs_on_caller+0x400/0x590 [ 2852.466721] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2852.466735] ? check_preemption_disabled+0x3c/0x250 [ 2852.466747] ? retint_kernel+0x2d/0x2d [ 2852.466758] ? kvm_vcpu_release+0xa0/0xa0 [ 2852.466777] ? kvm_vcpu_release+0xa0/0xa0 [ 2852.472775] 2569 [ 2852.497580] do_vfs_ioctl+0x7ae/0x1060 [ 2852.497596] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2852.497605] ? check_preemption_disabled+0x3c/0x250 [ 2852.497616] ? ioctl_preallocate+0x1c0/0x1c0 [ 2852.497636] ? security_file_ioctl+0x89/0xb0 [ 2852.497647] SyS_ioctl+0x8f/0xc0 [ 2852.497656] ? do_vfs_ioctl+0x1060/0x1060 [ 2852.497668] do_syscall_64+0x1e8/0x640 [ 2852.497689] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2852.501963] 2569 [ 2852.505198] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2852.505208] RIP: 0033:0x45b399 [ 2852.505214] RSP: 002b:00007f59c5343c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2852.505226] RAX: ffffffffffffffda RBX: 00007f59c53446d4 RCX: 000000000045b399 [ 2852.505238] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2852.511162] 2569 [ 2852.515154] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2852.515160] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2852.515165] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2852.719180] Node 0 DMA32 free:35704kB min:36384kB low:45480kB high:54576kB active_anon:1867236kB inactive_anon:4864kB active_file:8kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17792kB pagetables:56192kB bounce:0kB free_pcp:1428kB local_pcp:728kB free_cma:0kB [ 2852.752548] lowmem_reserve[]: 0 0 0 0 0 [ 2852.756995] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2852.786845] lowmem_reserve[]: 0 0 0 0 0 [ 2852.796247] Node 1 Normal free:78648kB min:53504kB low:66880kB high:80256kB active_anon:3369784kB inactive_anon:12kB active_file:2632kB inactive_file:2736kB unevictable:0kB writepending:16kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:24032kB pagetables:77972kB bounce:0kB free_pcp:1212kB local_pcp:520kB free_cma:0kB [ 2852.830998] lowmem_reserve[]: 0 0 0 0 0 [ 2852.835544] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2852.856552] Node 0 DMA32: 720*4kB (UMEH) 2627*8kB (UMEH) 730*16kB (UMEH) 4*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 35704kB [ 2852.875350] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2852.887168] Node 1 Normal: 1435*4kB (UM) 655*8kB (UM) 273*16kB (UME) 131*32kB (UME) 57*64kB (UME) 86*128kB (UME) 115*256kB (UME) 30*512kB (UME) 1*1024kB (U) 0*2048kB 0*4096kB = 80020kB [ 2852.909260] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2852.919636] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2852.932338] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2852.943025] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2852.956986] 1232 total pagecache pages [ 2852.962567] 0 pages in swap cache [ 2852.966192] Swap cache stats: add 0, delete 0, find 0/0 [ 2852.974505] Free swap = 0kB [ 2852.977749] Total swap = 0kB [ 2852.982344] 1965979 pages RAM [ 2852.985634] 0 pages HighMem/MovableOnly [ 2852.989667] 335855 pages reserved [ 2852.996148] 0 pages cma reserved 12:41:43 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:43 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:43 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700), 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:43 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:43 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:43 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:43 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700), 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2853.708647] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2853.766638] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 2853.795622] CPU: 0 PID: 30911 Comm: syz-executor.3 Not tainted 4.14.169-syzkaller #0 [ 2853.803569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2853.812955] Call Trace: [ 2853.815561] dump_stack+0x142/0x197 [ 2853.819210] warn_alloc.cold+0x96/0x1af [ 2853.823198] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2853.828051] ? retint_kernel+0x2d/0x2d [ 2853.831949] ? wait_for_completion+0x420/0x420 [ 2853.836545] __alloc_pages_slowpath+0x23c6/0x2930 [ 2853.841401] ? trace_hardirqs_on_caller+0x400/0x590 [ 2853.846443] ? retint_kernel+0x2d/0x2d [ 2853.850344] ? warn_alloc+0xf0/0xf0 [ 2853.853986] ? __might_sleep+0x93/0xb0 [ 2853.857889] __alloc_pages_nodemask+0x62c/0x7a0 [ 2853.858316] syz-executor.1: [ 2853.862558] ? rcu_read_lock_sched_held+0x110/0x130 [ 2853.862569] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2853.862584] ? check_preemption_disabled+0x3c/0x250 [ 2853.862601] alloc_pages_current+0xec/0x1e0 [ 2853.862615] kvm_mmu_create+0xdf/0x1e0 [ 2853.862627] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2853.862640] kvm_vcpu_init+0x272/0x360 [ 2853.862653] vmx_create_vcpu+0xfc/0x2aa0 [ 2853.862669] ? mutex_trylock+0x1c0/0x1c0 [ 2853.862688] ? handle_rdmsr+0x6e0/0x6e0 [ 2853.862699] ? wait_for_completion+0x420/0x420 [ 2853.862713] kvm_arch_vcpu_create+0x8c/0xc0 [ 2853.862726] kvm_vm_ioctl+0x501/0x1600 [ 2853.892668] page allocation failure: order:0 [ 2853.894234] ? __lock_acquire+0x5f7/0x4620 [ 2853.894252] ? kvm_vcpu_release+0xa0/0xa0 [ 2853.894263] ? trace_hardirqs_on+0x10/0x10 [ 2853.894281] ? retint_kernel+0x2d/0x2d [ 2853.894293] ? trace_hardirqs_on_caller+0x400/0x590 [ 2853.894309] ? save_trace+0x290/0x290 [ 2853.898792] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 2853.902389] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2853.902406] ? __fget+0x210/0x370 [ 2853.902418] ? retint_kernel+0x2d/0x2d [ 2853.902433] ? trace_hardirqs_on_caller+0x400/0x590 [ 2853.902445] ? kvm_vcpu_release+0xa0/0xa0 [ 2853.902454] do_vfs_ioctl+0x7ae/0x1060 [ 2853.902466] ? check_preemption_disabled+0x3c/0x250 [ 2853.902478] ? ioctl_preallocate+0x1c0/0x1c0 [ 2853.902495] ? security_file_ioctl+0x40/0xb0 [ 2853.902506] ? security_file_ioctl+0x51/0xb0 [ 2853.902519] ? security_file_ioctl+0x89/0xb0 [ 2853.902531] SyS_ioctl+0x8f/0xc0 [ 2853.902541] ? do_vfs_ioctl+0x1060/0x1060 [ 2853.902556] do_syscall_64+0x1e8/0x640 [ 2853.932732] (null) [ 2853.936349] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2853.936372] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2853.936380] RIP: 0033:0x45b399 [ 2853.936386] RSP: 002b:00007f93d8744c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2853.936397] RAX: ffffffffffffffda RBX: 00007f93d87456d4 RCX: 000000000045b399 [ 2853.936402] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 12:41:44 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2853.936407] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2853.936413] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2853.936418] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2854.179293] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 2854.184257] warn_alloc_show_mem: 1 callbacks suppressed [ 2854.184261] Mem-Info: [ 2854.188404] CPU: 1 PID: 30914 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0 [ 2854.193782] active_anon:1310604 inactive_anon:1219 isolated_anon:0 [ 2854.193782] active_file:804 inactive_file:1826 isolated_file:21 [ 2854.193782] unevictable:0 dirty:5 writeback:16 unstable:0 [ 2854.193782] slab_reclaimable:28907 slab_unreclaimable:108219 [ 2854.193782] mapped:54063 shmem:244 pagetables:33629 bounce:0 [ 2854.193782] free:29165 free_pcp:663 free_cma:0 [ 2854.200575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2854.200581] Call Trace: [ 2854.200603] dump_stack+0x142/0x197 [ 2854.200617] warn_alloc.cold+0x96/0x1af [ 2854.200627] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2854.200667] ? check_preemption_disabled+0x3c/0x250 [ 2854.200677] ? retint_kernel+0x2d/0x2d [ 2854.200694] __alloc_pages_slowpath+0x23c6/0x2930 [ 2854.200715] ? warn_alloc+0xf0/0xf0 [ 2854.200735] ? __might_sleep+0x93/0xb0 [ 2854.200746] __alloc_pages_nodemask+0x62c/0x7a0 [ 2854.200754] ? retint_kernel+0x2d/0x2d [ 2854.200767] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2854.200778] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2854.200789] ? check_preemption_disabled+0x3c/0x250 [ 2854.200814] ? retint_kernel+0x2d/0x2d [ 2854.236469] Node 0 active_anon:1871364kB inactive_anon:4864kB active_file:12kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208912kB dirty:0kB writeback:4kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2854.243947] alloc_pages_current+0xec/0x1e0 [ 2854.243965] kvm_mmu_create+0xdf/0x1e0 [ 2854.243979] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2854.243994] kvm_vcpu_init+0x272/0x360 [ 2854.244007] vmx_create_vcpu+0xfc/0x2aa0 [ 2854.244017] ? mutex_trylock+0x1c0/0x1c0 [ 2854.244032] ? handle_rdmsr+0x6e0/0x6e0 [ 2854.244041] ? wait_for_completion+0x420/0x420 [ 2854.244055] kvm_arch_vcpu_create+0x8c/0xc0 [ 2854.247622] Node 1 active_anon:3371052kB inactive_anon:12kB active_file:3204kB inactive_file:7304kB unevictable:0kB isolated(anon):0kB isolated(file):84kB mapped:7340kB dirty:20kB writeback:60kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2854.250269] kvm_vm_ioctl+0x501/0x1600 [ 2854.250283] ? __lock_acquire+0x5f7/0x4620 [ 2854.250298] ? kvm_vcpu_release+0xa0/0xa0 [ 2854.250310] ? retint_kernel+0x2d/0x2d [ 2854.250321] ? trace_hardirqs_on_caller+0x400/0x590 [ 2854.250333] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2854.250346] ? check_preemption_disabled+0x3c/0x250 [ 2854.250355] ? retint_kernel+0x2d/0x2d [ 2854.250372] ? selinux_file_ioctl+0x19a/0x560 [ 2854.255737] Node 0 [ 2854.259298] ? selinux_file_ioctl+0x213/0x560 [ 2854.259314] ? kvm_vcpu_release+0xa0/0xa0 [ 2854.259326] do_vfs_ioctl+0x7ae/0x1060 [ 2854.259338] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2854.259349] ? lock_downgrade+0x740/0x740 [ 2854.259363] ? ioctl_preallocate+0x1c0/0x1c0 [ 2854.266381] DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2854.268420] ? __fget+0x237/0x370 [ 2854.268441] ? security_file_ioctl+0x89/0xb0 [ 2854.268455] SyS_ioctl+0x8f/0xc0 [ 2854.268466] ? do_vfs_ioctl+0x1060/0x1060 [ 2854.268482] do_syscall_64+0x1e8/0x640 [ 2854.274581] lowmem_reserve[]: [ 2854.277076] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2854.277096] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2854.277106] RIP: 0033:0x45b399 [ 2854.277111] RSP: 002b:00007f59c5343c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2854.277122] RAX: ffffffffffffffda RBX: 00007f59c53446d4 RCX: 000000000045b399 [ 2854.277127] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2854.277136] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2854.281723] 0 [ 2854.285692] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2854.285699] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c 12:41:44 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:45 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 2855.038775] 2569 2569 2569 2569 [ 2855.058241] Node 0 DMA32 free:37068kB min:36384kB low:45480kB high:54576kB active_anon:1867236kB inactive_anon:4864kB active_file:12kB inactive_file:56kB unevictable:0kB writepending:0kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17792kB pagetables:56208kB bounce:0kB free_pcp:948kB local_pcp:224kB free_cma:0kB [ 2855.094719] lowmem_reserve[]: 0 0 0 0 0 [ 2855.098783] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2855.133365] lowmem_reserve[]: 0 0 0 0 0 [ 2855.137434] Node 1 Normal free:67748kB min:53504kB low:66880kB high:80256kB active_anon:3372308kB inactive_anon:12kB active_file:3820kB inactive_file:3748kB unevictable:0kB writepending:140kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:24224kB pagetables:78516kB bounce:0kB free_pcp:448kB local_pcp:336kB free_cma:0kB [ 2855.172068] lowmem_reserve[]: 0 0 0 0 0 [ 2855.176147] Node 0 DMA: 2*4kB (UE) 6*8kB (UH) 5*16kB (UEH) 4*32kB (UMEH) 3*64kB (UMH) 4*128kB (UMEH) 3*256kB (MEH) 3*512kB (MEH) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2855.196373] Node 0 DMA32: 717*4kB (UME) 2790*8kB (UMEH) 749*16kB (UMH) 2*32kB (E) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 37236kB [ 2855.213987] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2855.225658] Node 1 Normal: 585*4kB (UM) 481*8kB (UME) 237*16kB (UME) 112*32kB (UM) 44*64kB (ME) 44*128kB (UME) 116*256kB (UME) 30*512kB (UME) 1*1024kB (U) 0*2048kB 0*4096kB = 68092kB [ 2855.250164] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2855.259461] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2855.313002] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2855.782394] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2855.818493] 7527 total pagecache pages [ 2855.838748] 0 pages in swap cache [ 2855.856028] Swap cache stats: add 0, delete 0, find 0/0 [ 2855.878050] Free swap = 0kB [ 2855.895814] Total swap = 0kB [ 2855.918284] 1965979 pages RAM [ 2856.080130] 0 pages HighMem/MovableOnly [ 2856.086867] 335855 pages reserved [ 2856.096207] 0 pages cma reserved [ 2863.388201] syz-executor.2 invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 2863.464732] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2863.481936] CPU: 0 PID: 7367 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 2863.489781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2863.499142] Call Trace: [ 2863.501922] dump_stack+0x142/0x197 [ 2863.505659] dump_header+0x177/0x6cd [ 2863.509388] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2863.514507] ? ___ratelimit+0x55/0x537 [ 2863.518425] oom_kill_process.cold+0x10/0xadd [ 2863.522941] ? rcu_read_unlock_special+0x639/0xd40 [ 2863.527892] ? lock_downgrade+0x740/0x740 [ 2863.532067] out_of_memory+0x2ee/0x1180 [ 2863.536054] ? lock_acquire+0x16f/0x430 [ 2863.540038] ? oom_killer_disable+0x1d0/0x1d0 [ 2863.544547] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2863.549488] __alloc_pages_slowpath+0x2251/0x2930 [ 2863.554351] ? __alloc_pages_nodemask+0x639/0x7a0 [ 2863.559216] ? warn_alloc+0xf0/0xf0 [ 2863.562866] ? __might_sleep+0x93/0xb0 [ 2863.566767] __alloc_pages_nodemask+0x62c/0x7a0 [ 2863.571464] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2863.576606] ? lock_downgrade+0x740/0x740 [ 2863.580793] alloc_pages_current+0xec/0x1e0 [ 2863.585136] __page_cache_alloc+0x248/0x3e0 [ 2863.589478] filemap_fault+0xcef/0x1de0 [ 2863.593485] ? __lock_page_or_retry+0x8d0/0x8d0 [ 2863.598179] ? lock_acquire+0x16f/0x430 [ 2863.602325] ? ext4_filemap_fault+0x7b/0xb0 [ 2863.606685] ext4_filemap_fault+0x83/0xb0 [ 2863.610836] __do_fault+0x104/0x390 [ 2863.614479] __handle_mm_fault+0x23bd/0x33d0 [ 2863.618919] ? copy_page_range+0x1de0/0x1de0 [ 2863.623338] ? find_held_lock+0x35/0x130 [ 2863.627523] ? handle_mm_fault+0x1b6/0x7c0 [ 2863.631779] handle_mm_fault+0x293/0x7c0 [ 2863.635847] __do_page_fault+0x4c1/0xb80 [ 2863.639924] ? vmalloc_fault+0xe30/0xe30 [ 2863.643994] ? page_fault+0x2f/0x50 [ 2863.647625] do_page_fault+0x71/0x511 [ 2863.651526] ? page_fault+0x2f/0x50 [ 2863.655160] page_fault+0x45/0x50 [ 2863.658617] RIP: 0033:0x4592f0 [ 2863.661803] RSP: 002b:00007ffdd4c6c698 EFLAGS: 00010202 [ 2863.667179] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000459840 [ 2863.674541] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bff3c [ 2863.681948] RBP: 0000000000002a9a R08: 0000000000000001 R09: 00000000017ec940 [ 2863.689349] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c [ 2863.696650] R13: 00007ffdd4c6c6d0 R14: 00000000002b8974 R15: 00007ffdd4c6c6e0 [ 2864.551257] Mem-Info: [ 2864.553740] active_anon:1315114 inactive_anon:1219 isolated_anon:0 [ 2864.553740] active_file:3078 inactive_file:3064 isolated_file:32 [ 2864.553740] unevictable:0 dirty:6134 writeback:0 unstable:0 [ 2864.553740] slab_reclaimable:29013 slab_unreclaimable:108263 [ 2864.553740] mapped:52226 shmem:244 pagetables:33618 bounce:0 [ 2864.553740] free:21752 free_pcp:62 free_cma:0 [ 2864.637641] Node 0 active_anon:1876952kB inactive_anon:4864kB active_file:2780kB inactive_file:2664kB unevictable:0kB isolated(anon):0kB isolated(file):212kB mapped:208904kB dirty:5520kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2864.705165] Node 1 active_anon:3383504kB inactive_anon:12kB active_file:9636kB inactive_file:9360kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:19016kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2864.820104] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2864.848781] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2864.853934] Node 0 DMA32 free:27364kB min:36384kB low:45480kB high:54576kB active_anon:1872824kB inactive_anon:4864kB active_file:2812kB inactive_file:2660kB unevictable:0kB writepending:5520kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17824kB pagetables:56220kB bounce:0kB free_pcp:240kB local_pcp:116kB free_cma:0kB [ 2865.112789] lowmem_reserve[]: 0 0 0 0 0 [ 2865.116845] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2865.404960] lowmem_reserve[]: 0 0 0 0 0 [ 2865.409023] Node 1 Normal free:49204kB min:53504kB low:66880kB high:80256kB active_anon:3383504kB inactive_anon:12kB active_file:8824kB inactive_file:9272kB unevictable:0kB writepending:19016kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23840kB pagetables:78252kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2865.675147] lowmem_reserve[]: 0 0 0 0 0 [ 2865.680166] Node 0 DMA: 2*4kB (UE) 6*8kB (UM) 5*16kB (UME) 4*32kB (UME) 3*64kB (UM) 4*128kB (UME) 3*256kB (ME) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2865.827202] Node 0 DMA32: 33*4kB (ME) 1925*8kB (UME) 756*16kB (UME) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27628kB [ 2865.890083] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2865.950094] Node 1 Normal: 805*4kB (UME) 412*8kB (UME) 108*16kB (UME) 38*32kB (UME) 5*64kB (UME) 28*128kB (UME) 108*256kB (UE) 16*512kB (UE) 0*1024kB 0*2048kB 0*4096kB = 49204kB [ 2866.014030] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2866.047336] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2866.167949] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2866.240092] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2866.248722] 6398 total pagecache pages [ 2866.281493] 0 pages in swap cache [ 2866.284993] Swap cache stats: add 0, delete 0, find 0/0 [ 2866.309589] Free swap = 0kB [ 2866.312733] Total swap = 0kB [ 2866.315908] 1965979 pages RAM [ 2866.319013] 0 pages HighMem/MovableOnly [ 2866.340104] 335855 pages reserved [ 2866.343663] 0 pages cma reserved [ 2866.347049] Out of memory: Kill process 18245 (syz-executor.1) score 1007 or sacrifice child [ 2866.378105] Killed process 18245 (syz-executor.1) total-vm:72984kB, anon-rss:16568kB, file-rss:34816kB, shmem-rss:0kB [ 2866.655055] oom_reaper: reaped process 18245 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB 12:41:57 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:57 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:57 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:57 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:57 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:41:57 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:41:57 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2875.345018] syz-executor.0 invoked oom-killer: gfp_mask=0x14200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2875.397884] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2875.407141] CPU: 0 PID: 12561 Comm: syz-executor.0 Not tainted 4.14.169-syzkaller #0 [ 2875.415068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2875.424703] Call Trace: [ 2875.427324] dump_stack+0x142/0x197 [ 2875.431096] dump_header+0x177/0x6cd [ 2875.434826] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2875.439955] ? ___ratelimit+0x55/0x537 [ 2875.443972] oom_kill_process.cold+0x10/0xadd [ 2875.448496] ? rcu_read_unlock_special+0x639/0xd40 [ 2875.453447] ? lock_downgrade+0x740/0x740 [ 2875.457612] out_of_memory+0x2ee/0x1180 [ 2875.462554] ? lock_acquire+0x16f/0x430 [ 2875.466543] ? oom_killer_disable+0x1d0/0x1d0 [ 2875.471179] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2875.476124] __alloc_pages_slowpath+0x2251/0x2930 [ 2875.481001] ? warn_alloc+0xf0/0xf0 [ 2875.484666] ? __might_sleep+0x93/0xb0 [ 2875.488681] __alloc_pages_nodemask+0x62c/0x7a0 [ 2875.493509] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2875.498543] ? trace_hardirqs_on+0x10/0x10 [ 2875.502800] ? save_trace+0x290/0x290 [ 2875.506616] ? get_task_policy.part.0+0x85/0xa0 [ 2875.511389] alloc_pages_vma+0xc9/0x4c0 [ 2875.515376] wp_page_copy+0x1f8/0x13d0 [ 2875.519275] ? follow_pfn+0x220/0x220 [ 2875.523221] ? do_raw_spin_unlock+0x174/0x260 [ 2875.527941] do_wp_page+0x24b/0x1250 [ 2875.531665] ? finish_mkwrite_fault+0x620/0x620 [ 2875.536355] __handle_mm_fault+0x1cc3/0x33d0 [ 2875.540807] ? copy_page_range+0x1de0/0x1de0 [ 2875.545222] ? find_held_lock+0x35/0x130 [ 2875.549285] ? handle_mm_fault+0x1b6/0x7c0 [ 2875.553552] handle_mm_fault+0x293/0x7c0 [ 2875.557628] __do_page_fault+0x4c1/0xb80 [ 2875.561698] ? vmalloc_fault+0xe30/0xe30 [ 2875.565876] ? page_fault+0x2f/0x50 [ 2875.569514] do_page_fault+0x71/0x511 [ 2875.573328] ? page_fault+0x2f/0x50 [ 2875.576963] page_fault+0x45/0x50 [ 2875.580425] RIP: 0033:0x4318ec [ 2875.583616] RSP: 002b:00007ffdbf0e7fc0 EFLAGS: 00010202 [ 2875.589031] RAX: 0000000000000020 RBX: 000000000071e640 RCX: 000000000045a704 [ 2875.596323] RDX: 00007ffdbf0e80b0 RSI: 0000000000008030 RDI: 000000000071e640 [ 2875.603639] RBP: 0000000000008040 R08: 0000000000000001 R09: 00000000017e1940 [ 2875.612003] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdbf0e9290 [ 2875.619283] R13: 00007ffdbf0e9280 R14: 0000000000000000 R15: 00007ffdbf0e9290 [ 2875.681940] Mem-Info: [ 2875.684444] active_anon:1315041 inactive_anon:1217 isolated_anon:0 [ 2875.684444] active_file:3891 inactive_file:3862 isolated_file:192 [ 2875.684444] unevictable:0 dirty:7879 writeback:0 unstable:0 [ 2875.684444] slab_reclaimable:28927 slab_unreclaimable:108073 [ 2875.684444] mapped:52226 shmem:244 pagetables:33685 bounce:0 [ 2875.684444] free:20195 free_pcp:41 free_cma:0 [ 2875.718657] Node 0 active_anon:1867336kB inactive_anon:4868kB active_file:6096kB inactive_file:6076kB unevictable:0kB isolated(anon):0kB isolated(file):384kB mapped:208904kB dirty:12532kB writeback:0kB shmem:972kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2875.747986] Node 1 active_anon:3392828kB inactive_anon:0kB active_file:9364kB inactive_file:9284kB unevictable:0kB isolated(anon):0kB isolated(file):384kB mapped:0kB dirty:18984kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2876.040107] Node 0 DMA free:10408kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2876.402304] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2876.407523] Node 0 DMA32 free:28156kB min:36384kB low:45480kB high:54576kB active_anon:1863208kB inactive_anon:4868kB active_file:6236kB inactive_file:6096kB unevictable:0kB writepending:12532kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17824kB pagetables:56456kB bounce:0kB free_pcp:160kB local_pcp:20kB free_cma:0kB [ 2876.748211] lowmem_reserve[]: 0 0 0 0 0 [ 2876.758977] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2877.060383] lowmem_reserve[]: 0 0 0 0 0 [ 2877.064436] Node 1 Normal free:42200kB min:53504kB low:66880kB high:80256kB active_anon:3392828kB inactive_anon:0kB active_file:9320kB inactive_file:9368kB unevictable:0kB writepending:18984kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:24192kB pagetables:78284kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2877.514245] lowmem_reserve[]: 0 0 0 0 0 [ 2877.518295] Node 0 DMA: 2*4kB (UE) 6*8kB (UM) 5*16kB (UME) 4*32kB (ME) 3*64kB (UM) 4*128kB (UME) 3*256kB (ME) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2877.668045] Node 0 DMA32: 110*4kB (ME) 1870*8kB (UME) 788*16kB (UM) 1*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28040kB [ 2877.825634] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2877.940111] Node 1 Normal: 306*4kB (UME) 204*8kB (UME) 115*16kB (UE) 64*32kB (UE) 6*64kB (UE) 28*128kB (U) 103*256kB (UM) 10*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 42200kB [ 2878.115827] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2878.160343] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2878.168971] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2878.379543] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2878.480108] 8143 total pagecache pages [ 2878.484049] 0 pages in swap cache [ 2878.487621] Swap cache stats: add 0, delete 0, find 0/0 [ 2878.667119] Free swap = 0kB [ 2878.700114] Total swap = 0kB [ 2878.703246] 1965979 pages RAM [ 2878.706370] 0 pages HighMem/MovableOnly [ 2878.842208] 335855 pages reserved [ 2878.845893] 0 pages cma reserved [ 2878.849267] Out of memory: Kill process 18270 (syz-executor.1) score 1007 or sacrifice child [ 2879.000751] Killed process 18270 (syz-executor.1) total-vm:72984kB, anon-rss:16568kB, file-rss:34816kB, shmem-rss:0kB [ 2879.319386] oom_reaper: reaped process 18270 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB 12:42:09 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:09 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:09 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:11 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:11 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:11 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:11 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2885.959007] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 2886.093669] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 2886.110926] CPU: 1 PID: 7349 Comm: syz-fuzzer Not tainted 4.14.169-syzkaller #0 [ 2886.118540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2886.128023] Call Trace: [ 2886.130737] dump_stack+0x142/0x197 [ 2886.134445] dump_header+0x177/0x6cd [ 2886.138190] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2886.143303] ? ___ratelimit+0x55/0x537 [ 2886.147318] oom_kill_process.cold+0x10/0xadd [ 2886.151828] ? rcu_read_unlock_special+0x639/0xd40 [ 2886.156783] ? lock_downgrade+0x740/0x740 [ 2886.160947] out_of_memory+0x2ee/0x1180 [ 2886.165077] ? lock_acquire+0x16f/0x430 [ 2886.169068] ? oom_killer_disable+0x1d0/0x1d0 [ 2886.173574] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2886.178511] __alloc_pages_slowpath+0x2251/0x2930 [ 2886.183376] ? __alloc_pages_nodemask+0x639/0x7a0 [ 2886.188233] ? warn_alloc+0xf0/0xf0 [ 2886.191907] ? __might_sleep+0x93/0xb0 [ 2886.195816] __alloc_pages_nodemask+0x62c/0x7a0 [ 2886.200511] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2886.205550] ? lock_downgrade+0x740/0x740 [ 2886.209842] alloc_pages_current+0xec/0x1e0 [ 2886.214311] __page_cache_alloc+0x248/0x3e0 [ 2886.218652] filemap_fault+0xcef/0x1de0 [ 2886.222656] ? __lock_page_or_retry+0x8d0/0x8d0 [ 2886.227455] ? lock_acquire+0x16f/0x430 [ 2886.231439] ? ext4_filemap_fault+0x7b/0xb0 [ 2886.235780] ext4_filemap_fault+0x83/0xb0 [ 2886.239962] __do_fault+0x104/0x390 [ 2886.243602] __handle_mm_fault+0x23bd/0x33d0 [ 2886.248050] ? copy_page_range+0x1de0/0x1de0 [ 2886.252474] ? find_held_lock+0x35/0x130 [ 2886.256544] ? handle_mm_fault+0x1b6/0x7c0 [ 2886.260808] handle_mm_fault+0x293/0x7c0 [ 2886.264893] __do_page_fault+0x4c1/0xb80 [ 2886.268962] ? vmalloc_fault+0xe30/0xe30 [ 2886.273040] ? page_fault+0x2f/0x50 [ 2886.276677] do_page_fault+0x71/0x511 [ 2886.280488] ? page_fault+0x2f/0x50 [ 2886.284124] page_fault+0x45/0x50 [ 2886.287580] RIP: 0033:0x4334b0 [ 2886.290777] RSP: 002b:000000c420039f28 EFLAGS: 00010206 [ 2886.296153] RAX: 0000000000000000 RBX: 000000003b2ac17b RCX: 0000029f1fe3126f [ 2886.303430] RDX: 000000001b4eb3c5 RSI: 000000c420145fc0 RDI: 000000c420145f9c [ 2886.310801] RBP: 000000c420039f50 R08: 00007fff2ec81000 R09: 00000304f93a36b0 [ 2886.318080] R10: 000da759e2800000 R11: 0000000000000001 R12: 000002a9a7d5adfe [ 2886.325361] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000004 [ 2886.430132] Mem-Info: [ 2886.432599] active_anon:1318602 inactive_anon:1219 isolated_anon:0 [ 2886.432599] active_file:2755 inactive_file:2797 isolated_file:192 [ 2886.432599] unevictable:0 dirty:5740 writeback:0 unstable:0 [ 2886.432599] slab_reclaimable:28951 slab_unreclaimable:107396 [ 2886.432599] mapped:52226 shmem:244 pagetables:33673 bounce:0 [ 2886.432599] free:19396 free_pcp:129 free_cma:0 [ 2886.616431] Node 0 active_anon:1866588kB inactive_anon:4864kB active_file:5848kB inactive_file:5948kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208904kB dirty:11844kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2886.649785] Node 1 active_anon:3407820kB inactive_anon:12kB active_file:5624kB inactive_file:5568kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:11116kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2886.677456] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2886.704046] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2886.709094] Node 0 DMA32 free:27072kB min:36384kB low:45480kB high:54576kB active_anon:1862460kB inactive_anon:4864kB active_file:5896kB inactive_file:5928kB unevictable:0kB writepending:11844kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17888kB pagetables:56072kB bounce:0kB free_pcp:368kB local_pcp:108kB free_cma:0kB [ 2886.836541] lowmem_reserve[]: 0 0 0 0 0 [ 2886.855749] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2886.936178] lowmem_reserve[]: 0 0 0 0 0 [ 2886.944588] Node 1 Normal free:40072kB min:53504kB low:66880kB high:80256kB active_anon:3407820kB inactive_anon:12kB active_file:5492kB inactive_file:5604kB unevictable:0kB writepending:11116kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:24000kB pagetables:78620kB bounce:0kB free_pcp:148kB local_pcp:0kB free_cma:0kB [ 2887.164997] lowmem_reserve[]: 0 0 0 0 0 [ 2887.169243] Node 0 DMA: 2*4kB (UE) 6*8kB (UM) 5*16kB (UME) 4*32kB (ME) 3*64kB (UM) 4*128kB (UME) 3*256kB (ME) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2887.189582] Node 0 DMA32: 0*4kB 1688*8kB (UME) 807*16kB (UME) 24*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27184kB [ 2887.207363] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2887.218230] Node 1 Normal: 2*4kB (UM) 222*8kB (UM) 203*16kB (UME) 121*32kB (UE) 25*64kB (UME) 41*128kB (UE) 95*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 40072kB [ 2887.238774] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2887.247984] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2887.314549] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2887.398468] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2887.440124] 6005 total pagecache pages [ 2887.444214] 0 pages in swap cache [ 2887.447670] Swap cache stats: add 0, delete 0, find 0/0 [ 2887.524406] Free swap = 0kB [ 2887.527522] Total swap = 0kB [ 2887.535814] 1965979 pages RAM [ 2887.538942] 0 pages HighMem/MovableOnly [ 2887.621698] 335855 pages reserved [ 2887.626509] 0 pages cma reserved [ 2887.667626] Out of memory: Kill process 18945 (syz-executor.1) score 1007 or sacrifice child [ 2887.722377] Killed process 18945 (syz-executor.1) total-vm:72984kB, anon-rss:16568kB, file-rss:34816kB, shmem-rss:0kB [ 2888.010284] oom_reaper: reaped process 18945 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2888.153661] syz-executor.3 invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 2888.332375] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 2888.338322] CPU: 0 PID: 31005 Comm: syz-executor.3 Not tainted 4.14.169-syzkaller #0 [ 2888.346214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2888.355580] Call Trace: [ 2888.358176] dump_stack+0x142/0x197 [ 2888.361821] dump_header+0x177/0x6cd [ 2888.365547] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2888.370667] ? ___ratelimit+0x55/0x537 [ 2888.374580] oom_kill_process.cold+0x10/0xadd [ 2888.379087] ? rcu_read_unlock_special+0x639/0xd40 [ 2888.384040] ? lock_downgrade+0x740/0x740 [ 2888.388205] out_of_memory+0x2ee/0x1180 [ 2888.392241] ? lock_acquire+0x16f/0x430 [ 2888.396233] ? oom_killer_disable+0x1d0/0x1d0 [ 2888.400739] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2888.405676] __alloc_pages_slowpath+0x2251/0x2930 [ 2888.410557] ? warn_alloc+0xf0/0xf0 [ 2888.414217] ? __might_sleep+0x93/0xb0 [ 2888.418116] __alloc_pages_nodemask+0x62c/0x7a0 [ 2888.422812] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2888.427842] ? ____cache_alloc_node+0x1be/0x1d0 [ 2888.432529] ? cache_grow_begin+0x335/0x400 [ 2888.436864] cache_grow_begin+0x80/0x400 [ 2888.441117] ? __cpuset_node_allowed+0xff/0x450 [ 2888.445804] fallback_alloc+0x1fd/0x2c0 [ 2888.449796] ____cache_alloc_node+0x1be/0x1d0 [ 2888.454309] kmem_cache_alloc+0x1f3/0x780 [ 2888.458484] getname_flags+0xcb/0x580 [ 2888.462304] SyS_symlink+0x68/0x210 [ 2888.465940] ? __do_page_fault+0x358/0xb80 [ 2888.470192] ? SyS_symlinkat+0x210/0x210 [ 2888.474263] ? do_syscall_64+0x53/0x640 [ 2888.478247] ? SyS_symlinkat+0x210/0x210 [ 2888.482426] do_syscall_64+0x1e8/0x640 [ 2888.486489] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2888.491361] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2888.496699] RIP: 0033:0x45b0c7 [ 2888.499895] RSP: 002b:00007ffeedfb8618 EFLAGS: 00000206 ORIG_RAX: 0000000000000058 [ 2888.507673] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045b0c7 [ 2888.514957] RDX: 00007ffeedfb86b7 RSI: 00000000004c0f44 RDI: 00007ffeedfb86a0 [ 2888.522238] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000017 [ 2888.529525] R10: 0000000000000075 R11: 0000000000000206 R12: 0000000000000000 [ 2888.536811] R13: 00007ffeedfb8650 R14: 0000000000000000 R15: 00007ffeedfb8660 [ 2890.083338] Mem-Info: [ 2890.085818] active_anon:1314469 inactive_anon:1219 isolated_anon:0 [ 2890.085818] active_file:3212 inactive_file:3231 isolated_file:96 [ 2890.085818] unevictable:0 dirty:6467 writeback:0 unstable:0 [ 2890.085818] slab_reclaimable:28966 slab_unreclaimable:107379 [ 2890.085818] mapped:52226 shmem:244 pagetables:33641 bounce:0 [ 2890.085818] free:22895 free_pcp:61 free_cma:0 [ 2890.376609] Node 0 active_anon:1863604kB inactive_anon:4864kB active_file:7044kB inactive_file:7000kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208904kB dirty:14004kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2890.518728] Node 1 active_anon:3394272kB inactive_anon:12kB active_file:5920kB inactive_file:5948kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:0kB dirty:11880kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2890.613977] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2890.844992] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2890.859483] Node 0 DMA32 free:28184kB min:36384kB low:45480kB high:54576kB active_anon:1859476kB inactive_anon:4864kB active_file:6924kB inactive_file:6808kB unevictable:0kB writepending:14004kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17888kB pagetables:55984kB bounce:0kB free_pcp:236kB local_pcp:116kB free_cma:0kB [ 2891.133118] lowmem_reserve[]: 0 0 0 0 0 [ 2891.137183] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2891.320090] lowmem_reserve[]: 0 0 0 0 0 [ 2891.324148] Node 1 Normal free:53072kB min:53504kB low:66880kB high:80256kB active_anon:3394272kB inactive_anon:12kB active_file:5732kB inactive_file:5872kB unevictable:0kB writepending:11880kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:23968kB pagetables:78580kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2891.532938] lowmem_reserve[]: 0 0 0 0 0 [ 2891.537059] Node 0 DMA: 2*4kB (UE) 6*8kB (UM) 5*16kB (UME) 4*32kB (ME) 3*64kB (UM) 4*128kB (UME) 3*256kB (ME) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2891.556625] Node 0 DMA32: 113*4kB (UME) 1778*8kB (UME) 796*16kB (UME) 23*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28148kB [ 2891.599262] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2891.691832] Node 1 Normal: 38*4kB (UME) 333*8kB (UME) 251*16kB (UME) 159*32kB (UME) 35*64kB (UME) 52*128kB (UME) 102*256kB (UM) 4*512kB (M) 2*1024kB (M) 1*2048kB (M) 0*4096kB = 53072kB [ 2891.759741] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2891.769590] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2891.890078] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2891.898994] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2891.977182] 6745 total pagecache pages [ 2892.004360] 0 pages in swap cache [ 2892.007933] Swap cache stats: add 0, delete 0, find 0/0 [ 2892.030121] Free swap = 0kB [ 2892.033236] Total swap = 0kB [ 2892.036257] 1965979 pages RAM [ 2892.039359] 0 pages HighMem/MovableOnly [ 2892.182660] 335855 pages reserved [ 2892.186163] 0 pages cma reserved [ 2892.189535] Out of memory: Kill process 18971 (syz-executor.1) score 1007 or sacrifice child [ 2892.335136] Killed process 18971 (syz-executor.1) total-vm:72984kB, anon-rss:16568kB, file-rss:34816kB, shmem-rss:0kB [ 2892.556529] oom_reaper: reaped process 18971 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB 12:42:11 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:23 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:23 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:23 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:23 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:23 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:24 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:24 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:24 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2902.606556] syz-executor.4 invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=1000 [ 2902.722362] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 2902.727833] CPU: 0 PID: 31049 Comm: syz-executor.4 Not tainted 4.14.169-syzkaller #0 [ 2902.735741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2902.745213] Call Trace: [ 2902.747814] dump_stack+0x142/0x197 [ 2902.751464] dump_header+0x177/0x6cd [ 2902.755267] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2902.760402] ? ___ratelimit+0x55/0x537 [ 2902.764327] oom_kill_process.cold+0x10/0xadd [ 2902.769793] ? oom_unkillable_task+0x294/0x390 [ 2902.774399] ? lock_downgrade+0x740/0x740 [ 2902.778698] out_of_memory+0x2ee/0x1180 [ 2902.782689] ? lock_acquire+0x16f/0x430 [ 2902.786689] ? oom_killer_disable+0x1d0/0x1d0 [ 2902.791202] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2902.796143] __alloc_pages_slowpath+0x2251/0x2930 [ 2902.801019] ? __alloc_pages_nodemask+0x639/0x7a0 [ 2902.805879] ? warn_alloc+0xf0/0xf0 [ 2902.809522] ? __might_sleep+0x93/0xb0 [ 2902.813430] __alloc_pages_nodemask+0x62c/0x7a0 [ 2902.818117] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2902.824102] ? lock_downgrade+0x740/0x740 [ 2902.828264] alloc_pages_current+0xec/0x1e0 [ 2902.832606] __page_cache_alloc+0x248/0x3e0 [ 2902.836947] filemap_fault+0xcef/0x1de0 [ 2902.840945] ? __lock_page_or_retry+0x8d0/0x8d0 [ 2902.845623] ? lock_acquire+0x16f/0x430 [ 2902.849604] ? ext4_filemap_fault+0x7b/0xb0 [ 2902.853949] ext4_filemap_fault+0x83/0xb0 [ 2902.858102] __do_fault+0x104/0x390 [ 2902.861742] __handle_mm_fault+0x23bd/0x33d0 [ 2902.866163] ? copy_page_range+0x1de0/0x1de0 [ 2902.870580] ? find_held_lock+0x35/0x130 [ 2902.874646] ? handle_mm_fault+0x1b6/0x7c0 [ 2902.878899] handle_mm_fault+0x293/0x7c0 [ 2902.883055] __do_page_fault+0x4c1/0xb80 [ 2902.887128] ? vmalloc_fault+0xe30/0xe30 [ 2902.891197] ? page_fault+0x2f/0x50 [ 2902.894839] do_page_fault+0x71/0x511 [ 2902.899111] ? page_fault+0x2f/0x50 [ 2902.902749] page_fault+0x45/0x50 [ 2902.906207] RIP: 0033:0x40ddc0 [ 2902.909569] RSP: 002b:00007fffc5e3f010 EFLAGS: 00010283 [ 2902.915055] RAX: 0000000000760938 RBX: 000000000075c118 RCX: 0000000000000001 [ 2902.922630] RDX: 0000000000000001 RSI: ffffffffffffffff RDI: 000000000075c118 [ 2902.929939] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 2902.937222] R10: 00007fffc5e3f110 R11: 0000000000000000 R12: 000000000075c118 [ 2902.944503] R13: 000000000075c9a0 R14: 0000000000760940 R15: 000000000075c124 [ 2904.478159] Mem-Info: [ 2904.543639] active_anon:1314852 inactive_anon:1220 isolated_anon:0 [ 2904.543639] active_file:3891 inactive_file:3865 isolated_file:128 [ 2904.543639] unevictable:0 dirty:7852 writeback:0 unstable:0 [ 2904.543639] slab_reclaimable:28488 slab_unreclaimable:108195 [ 2904.543639] mapped:52228 shmem:246 pagetables:33704 bounce:0 [ 2904.543639] free:20685 free_pcp:46 free_cma:0 [ 2904.864366] Node 0 active_anon:1872656kB inactive_anon:4868kB active_file:2768kB inactive_file:2808kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208908kB dirty:5752kB writeback:0kB shmem:968kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2905.229353] Node 1 active_anon:3386752kB inactive_anon:12kB active_file:12548kB inactive_file:12584kB unevictable:0kB isolated(anon):0kB isolated(file):512kB mapped:4kB dirty:25656kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2905.559445] Node 0 DMA free:10440kB min:216kB low:268kB high:320kB active_anon:4128kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2905.617158] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2905.622349] Node 0 DMA32 free:27508kB min:36384kB low:45480kB high:54576kB active_anon:1868528kB inactive_anon:4868kB active_file:2816kB inactive_file:2836kB unevictable:0kB writepending:5752kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:18048kB pagetables:56060kB bounce:0kB free_pcp:168kB local_pcp:104kB free_cma:0kB [ 2905.661708] lowmem_reserve[]: 0 0 0 0 0 [ 2905.665757] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2905.990122] lowmem_reserve[]: 0 0 0 0 0 [ 2905.994612] Node 1 Normal free:44824kB min:53504kB low:66880kB high:80256kB active_anon:3386752kB inactive_anon:12kB active_file:12576kB inactive_file:12576kB unevictable:0kB writepending:25656kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:24064kB pagetables:78756kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2906.024710] lowmem_reserve[]: 0 0 0 0 0 [ 2906.028844] Node 0 DMA: 2*4kB (UE) 6*8kB (UM) 5*16kB (UME) 4*32kB (ME) 3*64kB (UM) 4*128kB (UME) 3*256kB (ME) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10440kB [ 2906.044446] Node 0 DMA32: 118*4kB (UME) 1696*8kB (UME) 813*16kB (UME) 18*32kB (UE) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27624kB [ 2906.058358] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2906.069179] Node 1 Normal: 578*4kB (UME) 332*8kB (UME) 311*16kB (UME) 142*32kB (UM) 30*64kB (UME) 26*128kB (UME) 94*256kB (U) 2*512kB (UE) 0*1024kB 0*2048kB 0*4096kB = 44824kB [ 2906.100090] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2906.109098] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2906.168169] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2906.250587] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2906.259482] 8120 total pagecache pages [ 2906.315039] 0 pages in swap cache [ 2906.318558] Swap cache stats: add 0, delete 0, find 0/0 [ 2906.399783] Free swap = 0kB [ 2906.426383] Total swap = 0kB [ 2906.429462] 1965979 pages RAM [ 2906.440189] 0 pages HighMem/MovableOnly [ 2906.444209] 335855 pages reserved [ 2906.447674] 0 pages cma reserved [ 2906.459000] Out of memory: Kill process 20538 (syz-executor.1) score 1007 or sacrifice child [ 2906.467902] Killed process 20538 (syz-executor.1) total-vm:72984kB, anon-rss:16568kB, file-rss:34816kB, shmem-rss:0kB [ 2906.735865] oom_reaper: reaped process 20538 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB 12:42:37 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:37 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:37 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:37 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:37 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r2, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:38 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:38 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:39 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:39 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:39 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:39 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:39 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:39 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:40 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:40 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:40 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:40 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:40 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:41 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:42 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:42 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:42 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:42 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:42 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:42 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:42 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2918.713225] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 2918.726671] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 2918.750078] CPU: 1 PID: 7346 Comm: syz-fuzzer Not tainted 4.14.169-syzkaller #0 [ 2918.759333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2918.769074] Call Trace: [ 2918.771685] dump_stack+0x142/0x197 [ 2918.775513] dump_header+0x177/0x6cd [ 2918.779240] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2918.784899] ? ___ratelimit+0x55/0x537 [ 2918.788899] oom_kill_process.cold+0x10/0xadd [ 2918.793409] ? rcu_read_unlock_special+0x639/0xd40 [ 2918.798534] ? lock_downgrade+0x740/0x740 [ 2918.803035] out_of_memory+0x2ee/0x1180 [ 2918.807452] ? lock_acquire+0x16f/0x430 [ 2918.811487] ? oom_killer_disable+0x1d0/0x1d0 [ 2918.816209] ? __alloc_pages_slowpath+0xca4/0x2930 [ 2918.821235] __alloc_pages_slowpath+0x2251/0x2930 [ 2918.826103] ? __alloc_pages_nodemask+0x639/0x7a0 [ 2918.831613] ? warn_alloc+0xf0/0xf0 [ 2918.835292] ? __might_sleep+0x93/0xb0 [ 2918.839462] __alloc_pages_nodemask+0x62c/0x7a0 [ 2918.844330] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2918.849889] ? lock_downgrade+0x740/0x740 [ 2918.854212] alloc_pages_current+0xec/0x1e0 [ 2918.858561] __page_cache_alloc+0x248/0x3e0 [ 2918.862906] filemap_fault+0xcef/0x1de0 [ 2918.867330] ? __lock_page_or_retry+0x8d0/0x8d0 [ 2918.872264] ? lock_acquire+0x16f/0x430 [ 2918.876336] ? ext4_filemap_fault+0x7b/0xb0 [ 2918.880768] ext4_filemap_fault+0x83/0xb0 [ 2918.885175] __do_fault+0x104/0x390 [ 2918.889182] __handle_mm_fault+0x23bd/0x33d0 [ 2918.893615] ? copy_page_range+0x1de0/0x1de0 [ 2918.898133] ? find_held_lock+0x35/0x130 [ 2918.902214] ? handle_mm_fault+0x1b6/0x7c0 [ 2918.906790] handle_mm_fault+0x293/0x7c0 [ 2918.910879] __do_page_fault+0x4c1/0xb80 [ 2918.915072] ? vmalloc_fault+0xe30/0xe30 [ 2918.919236] ? page_fault+0x2f/0x50 [ 2918.922912] do_page_fault+0x71/0x511 [ 2918.926748] ? page_fault+0x2f/0x50 [ 2918.930715] page_fault+0x45/0x50 [ 2918.934352] RIP: 0033:0x410832 [ 2918.937635] RSP: 002b:000000c42247b698 EFLAGS: 00010212 [ 2918.943552] RAX: 0000000000842c80 RBX: 0000000000000000 RCX: 000000c427b5cf00 [ 2918.950914] RDX: 000000001af7a079 RSI: 000000c420051fc0 RDI: 000000c420051f9c [ 2918.958862] RBP: 000000c42247b6b8 R08: 00007fff2ec81000 R09: 0000030d01324cb6 [ 2918.966257] R10: 000d7bd03c800000 R11: 0000000000000001 R12: 0000000000000000 [ 2918.973719] R13: 0000000000000018 R14: 0000000000000054 R15: 0000000000000100 [ 2919.757338] Mem-Info: [ 2919.759822] active_anon:1312282 inactive_anon:1218 isolated_anon:0 [ 2919.759822] active_file:4003 inactive_file:4117 isolated_file:49 [ 2919.759822] unevictable:0 dirty:8190 writeback:0 unstable:0 [ 2919.759822] slab_reclaimable:28286 slab_unreclaimable:108355 [ 2919.759822] mapped:52226 shmem:244 pagetables:33717 bounce:0 [ 2919.759822] free:23029 free_pcp:33 free_cma:0 [ 2919.853843] Node 0 active_anon:1853552kB inactive_anon:4864kB active_file:4136kB inactive_file:4636kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208904kB dirty:8848kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2920.036132] Node 1 active_anon:3395576kB inactive_anon:8kB active_file:11656kB inactive_file:11588kB unevictable:0kB isolated(anon):0kB isolated(file):768kB mapped:0kB dirty:23912kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2920.064680] Node 0 DMA free:10412kB min:216kB low:268kB high:320kB active_anon:4168kB inactive_anon:0kB active_file:16kB inactive_file:20kB unevictable:0kB writepending:36kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2920.093384] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2920.098923] Node 0 DMA32 free:32568kB min:36384kB low:45480kB high:54576kB active_anon:1849384kB inactive_anon:4864kB active_file:4120kB inactive_file:4676kB unevictable:0kB writepending:8812kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17920kB pagetables:56088kB bounce:0kB free_pcp:132kB local_pcp:4kB free_cma:0kB [ 2920.134755] lowmem_reserve[]: 0 0 0 0 0 [ 2920.138952] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2920.378580] lowmem_reserve[]: 0 0 0 0 0 [ 2920.452536] Node 1 Normal free:49168kB min:53504kB low:66880kB high:80256kB active_anon:3395576kB inactive_anon:8kB active_file:11524kB inactive_file:11604kB unevictable:0kB writepending:23912kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:24000kB pagetables:78780kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2920.572200] lowmem_reserve[]: 0 0 0 0 0 [ 2920.576519] Node 0 DMA: 3*4kB (UME) 2*8kB (UM) 3*16kB (ME) 5*32kB (ME) 3*64kB (UM) 4*128kB (UME) 3*256kB (ME) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10412kB [ 2920.613431] Node 0 DMA32: 1206*4kB (UME) 1246*8kB (UME) 959*16kB (UME) 65*32kB (UME) 5*64kB (ME) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32536kB [ 2920.704225] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2920.806286] Node 1 Normal: 1292*4kB (UME) 588*8kB (UME) 558*16kB (UME) 289*32kB (UME) 54*64kB (UME) 4*128kB (UM) 67*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 49168kB [ 2920.889584] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2920.899723] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2920.911138] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2920.921723] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2920.930825] 8455 total pagecache pages [ 2920.934920] 0 pages in swap cache [ 2920.938750] Swap cache stats: add 0, delete 0, find 0/0 [ 2920.944695] Free swap = 0kB [ 2920.947967] Total swap = 0kB [ 2920.951163] 1965979 pages RAM [ 2920.954376] 0 pages HighMem/MovableOnly [ 2920.959016] 335855 pages reserved [ 2920.962555] 0 pages cma reserved [ 2920.965984] Out of memory: Kill process 21403 (syz-executor.1) score 1007 or sacrifice child [ 2921.100133] Killed process 21403 (syz-executor.1) total-vm:72984kB, anon-rss:16568kB, file-rss:34816kB, shmem-rss:0kB 12:42:51 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:51 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:51 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:52 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:52 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:52 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:52 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:52 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:52 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:53 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:53 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:53 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:53 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:54 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:54 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2925.012363] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 2925.033863] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2925.054115] CPU: 0 PID: 31261 Comm: syz-executor.5 Not tainted 4.14.169-syzkaller #0 [ 2925.062133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2925.071499] Call Trace: [ 2925.074106] dump_stack+0x142/0x197 [ 2925.077865] warn_alloc.cold+0x96/0x1af [ 2925.081860] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 2925.086755] ? wait_for_completion+0x420/0x420 [ 2925.091363] __alloc_pages_slowpath+0x23c6/0x2930 [ 2925.096622] ? warn_alloc+0xf0/0xf0 [ 2925.100301] ? __might_sleep+0x93/0xb0 [ 2925.104204] __alloc_pages_nodemask+0x62c/0x7a0 [ 2925.108894] ? __alloc_pages_slowpath+0x2930/0x2930 [ 2925.113932] ? retint_kernel+0x2d/0x2d [ 2925.117847] alloc_pages_current+0xec/0x1e0 [ 2925.122344] kvm_mmu_create+0xdf/0x1e0 [ 2925.126244] kvm_arch_vcpu_init+0x29c/0x8e0 [ 2925.130591] kvm_vcpu_init+0x272/0x360 [ 2925.134495] vmx_create_vcpu+0xfc/0x2aa0 [ 2925.138566] ? mutex_trylock+0x1c0/0x1c0 [ 2925.142663] ? handle_rdmsr+0x6e0/0x6e0 [ 2925.146660] ? wait_for_completion+0x420/0x420 [ 2925.151270] kvm_arch_vcpu_create+0x8c/0xc0 [ 2925.155610] kvm_vm_ioctl+0x501/0x1600 [ 2925.159519] ? __lock_acquire+0x5f7/0x4620 [ 2925.163772] ? retint_kernel+0x2d/0x2d [ 2925.167674] ? kvm_vcpu_release+0xa0/0xa0 [ 2925.171834] ? retint_kernel+0x2d/0x2d [ 2925.175740] ? trace_hardirqs_on_caller+0x400/0x590 [ 2925.181213] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2925.186036] ? check_preemption_disabled+0x3c/0x250 [ 2925.191065] ? retint_kernel+0x2d/0x2d [ 2925.194992] ? selinux_file_ioctl+0x19a/0x560 [ 2925.199486] ? selinux_file_ioctl+0x239/0x560 [ 2925.203995] ? kvm_vcpu_release+0xa0/0xa0 [ 2925.208146] do_vfs_ioctl+0x7ae/0x1060 [ 2925.212041] ? selinux_file_mprotect+0x5d0/0x5d0 [ 2925.216804] ? lock_downgrade+0x740/0x740 [ 2925.220951] ? ioctl_preallocate+0x1c0/0x1c0 [ 2925.225385] ? __fget+0x237/0x370 [ 2925.228855] ? security_file_ioctl+0x89/0xb0 [ 2925.233395] SyS_ioctl+0x8f/0xc0 [ 2925.236778] ? do_vfs_ioctl+0x1060/0x1060 [ 2925.240941] do_syscall_64+0x1e8/0x640 [ 2925.244841] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2925.249706] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2925.254916] RIP: 0033:0x45b399 [ 2925.258371] RSP: 002b:00007f23b8ee2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2925.266100] RAX: ffffffffffffffda RBX: 00007f23b8ee36d4 RCX: 000000000045b399 [ 2925.273372] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 2925.280658] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2925.287961] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2925.295251] R13: 000000000000038a R14: 00000000004c4b5f R15: 000000000075bf2c [ 2925.308593] warn_alloc_show_mem: 1 callbacks suppressed [ 2925.308616] Mem-Info: [ 2925.317797] active_anon:1308130 inactive_anon:1220 isolated_anon:0 [ 2925.317797] active_file:1210 inactive_file:743 isolated_file:32 [ 2925.317797] unevictable:0 dirty:291 writeback:0 unstable:0 [ 2925.317797] slab_reclaimable:28093 slab_unreclaimable:109120 [ 2925.317797] mapped:53441 shmem:246 pagetables:33830 bounce:0 [ 2925.317797] free:32292 free_pcp:450 free_cma:0 [ 2925.354268] Node 0 active_anon:1853156kB inactive_anon:4864kB active_file:4kB inactive_file:2548kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:209004kB dirty:2404kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 974848kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2925.469975] Node 1 active_anon:3379364kB inactive_anon:16kB active_file:4836kB inactive_file:5224kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:4760kB dirty:2560kB writeback:900kB shmem:20kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2925.597869] Node 0 DMA free:10408kB min:216kB low:268kB high:320kB active_anon:4168kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2925.675909] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 2925.687008] Node 0 DMA32 free:39088kB min:36384kB low:45480kB high:54576kB active_anon:1848988kB inactive_anon:4864kB active_file:4kB inactive_file:148kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:17952kB pagetables:56008kB bounce:0kB free_pcp:900kB local_pcp:704kB free_cma:0kB [ 2925.721938] lowmem_reserve[]: 0 0 0 0 0 [ 2925.726603] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2925.753156] lowmem_reserve[]: 0 0 0 0 0 [ 2925.757816] Node 1 Normal free:81896kB min:53504kB low:66880kB high:80256kB active_anon:3379364kB inactive_anon:16kB active_file:2364kB inactive_file:3292kB unevictable:0kB writepending:812kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:24160kB pagetables:79312kB bounce:0kB free_pcp:1300kB local_pcp:656kB free_cma:0kB [ 2925.791648] lowmem_reserve[]: 0 0 0 0 0 [ 2925.796265] Node 0 DMA: 2*4kB (UE) 6*8kB (UME) 3*16kB (M) 6*32kB (UME) 2*64kB (M) 4*128kB (UME) 3*256kB (ME) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10408kB [ 2925.814711] Node 0 DMA32: 3181*4kB (UME) 1256*8kB (UMEH) 920*16kB (UMEH) 50*32kB (UMEH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 39092kB [ 2925.836217] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2925.859082] Node 1 Normal: 1579*4kB (UME) 802*8kB (UME) 1081*16kB (UME) 715*32kB (UME) 200*64kB (UME) 13*128kB (UME) 60*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 82732kB [ 2925.881392] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2925.893894] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2925.905765] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2925.918980] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2925.933486] 1596 total pagecache pages [ 2925.937992] 0 pages in swap cache [ 2925.943075] Swap cache stats: add 0, delete 0, find 0/0 [ 2925.948775] Free swap = 0kB [ 2925.960295] Total swap = 0kB [ 2925.966250] 1965979 pages RAM [ 2925.969415] 0 pages HighMem/MovableOnly [ 2925.974648] 335855 pages reserved [ 2925.978839] 0 pages cma reserved 12:42:56 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:56 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:56 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:56 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:56 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:56 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:56 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:56 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:56 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:57 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:57 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:58 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:58 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:58 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:58 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:59 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:59 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:42:59 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:59 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:42:59 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:43:01 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700), 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:43:01 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:43:01 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12:43:01 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000002440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f0000000140)='./bus\x00', 0x6, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:43:01 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2932.005362] kasan: CONFIG_KASAN_INLINE enabled 12:43:02 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2932.156506] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 2932.179462] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 2932.185763] Modules linked in: [ 2932.189273] CPU: 0 PID: 31405 Comm: modprobe Not tainted 4.14.169-syzkaller #0 [ 2932.196637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2932.205996] task: ffff888050bd0300 task.stack: ffff8881af760000 [ 2932.212064] RIP: 0010:path_openat+0x20b/0x3db0 [ 2932.216653] RSP: 0018:ffff8881af767b28 EFLAGS: 00010247 [ 2932.222147] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0001020304050608 [ 2932.229421] RDX: 0000000000000000 RSI: 1ffff11035eecf56 RDI: 0000000000000004 [ 2932.236721] RBP: ffff8881af767c80 R08: ffff888050bd0300 R09: 0000000000000001 [ 2932.244176] R10: 0000000000000000 R11: 0000000000000003 R12: ffff8881af767cc0 [ 2932.251450] R13: ffff8881af767cc0 R14: ffff888055c8d880 R15: 0000000000000000 [ 2932.258725] FS: 00007f9564ad8700(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000 [ 2932.266955] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2932.272839] CR2: 00000000210001ff CR3: 00000001e6a6b000 CR4: 00000000001426f0 [ 2932.280117] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2932.287400] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2932.294673] Call Trace: [ 2932.297269] ? trace_hardirqs_on_caller+0x400/0x590 [ 2932.302326] ? _raw_spin_unlock_irq+0x5e/0x90 [ 2932.306948] ? save_trace+0x290/0x290 [ 2932.310798] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 2932.315479] ? save_trace+0x290/0x290 [ 2932.319399] ? __alloc_fd+0x1d4/0x4a0 [ 2932.323208] do_filp_open+0x18e/0x250 [ 2932.327026] ? may_open_dev+0xe0/0xe0 [ 2932.329712] syz-executor.2: [ 2932.330827] ? do_raw_spin_unlock+0x174/0x260 [ 2932.330836] ? _raw_spin_unlock+0x2d/0x50 [ 2932.330843] ? __alloc_fd+0x1d4/0x4a0 [ 2932.330857] do_sys_open+0x2c5/0x430 [ 2932.330866] ? filp_open+0x70/0x70 [ 2932.330875] SyS_open+0x2d/0x40 [ 2932.330881] ? do_sys_open+0x430/0x430 [ 2932.330889] do_syscall_64+0x1e8/0x640 [ 2932.330896] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2932.330906] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 2932.330912] RIP: 0033:0x7f95643f0120 [ 2932.330916] RSP: 002b:00007ffde8263368 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 2932.330923] RAX: ffffffffffffffda RBX: 00005642c2052240 RCX: 00007f95643f0120 [ 2932.330927] RDX: 00007ffde826359c RSI: 0000000000080000 RDI: 00007ffde8263580 12:43:02 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000005c0), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f00000002c0)=0x1, 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) write$nbd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x100000000004cb, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2932.330931] RBP: 00007f95648c0300 R08: 0000000000000000 R09: 00005642c2052219 [ 2932.330935] R10: 0000000000000000 R11: 0000000000000246 R12: 00005642c204a210 [ 2932.330939] R13: 00005642c2052210 R14: 00005642c204a210 R15: 00007ffde8263580 [ 2932.330947] Code: 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 03 30 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5e 58 48 8d 7b 04 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 [ 2932.331081] RIP: path_openat+0x20b/0x3db0 RSP: ffff8881af767b28 [ 2932.362557] ---[ end trace 7f5f19c06891bed8 ]--- [ 2932.488657] Kernel panic - not syncing: Fatal exception [ 2932.495749] Kernel Offset: disabled [ 2932.499615] Rebooting in 86400 seconds..